Comments (5)
I think ed/curve/x25519-dalek had to be locked due to an incompatibility with the RustCrypto crates, but they have recently gotten some new maintainers and releases and we should be able to update now, hopefully. In general I agree with making the dependencies compatible but it can be tricky sometimes.
from anoncreds-rs.
I am not opposed to fixing this, preferably by updating deps like x25519-dalek
instead of lowering zeroize
in anoncreds-rs
. Is this something the vcx team can pick up as it would be a lot easier for you to discover the issues and create pull requests for them. I'd be happy to accept them.
from anoncreds-rs.
Thanks for the reply. Yea agreed that x25519-dalek
updating (i.e. to "2"
) would be the ideal solution.
I've started a thread/PR in indy-utils (which is where i think the root of the immediate issue is), seeking that they loosen their x25519-dalek
dependency. As this seems to immediately allow anoncreds, askar and indy-vdr to play nicely together.
However long-term would be for everyone to coordinate a [email protected]
upgrade
from anoncreds-rs.
@andrewwhitehead — what do you think of this synchronization across the shared components?
from anoncreds-rs.
I have a local branch updating the indy-utils ed25519 support for the 2.0 versions, it's not a huge change. It looks like this would also address a new CVE against the older versions.
I plan to release a new indy-credx patch version with the latest updates (staying on 1.1) before updating to 2.0 in a new minor release. aries-askar is also due for a new release, but I'm not certain if it's desirable to update to the 2.0 versions before that, or wait for the next one.
Given that indy-utils and indy-data-types are both used in indy-credx and indy-vdr currently (and nowhere else), I think it makes sense to merge indy-utils into indy-data-types for the next breaking release. Instead of re-implementing the ed25519 support it would be possible to depend on askar-crypto for this, but that might further complicate the dependency picture (unless it helps to guarantee compatibility?).
from anoncreds-rs.
Related Issues (20)
- ImportError create_link_secret from anoncreds-test 0.1.0.dev10 HOT 2
- -dev version of JavaScript wrapper should be released under dev tag on NPM HOT 1
- Provide sample HOT 4
- Verifying a proof containing a value of "0" fails
- [Question] How to get revocation status list for a prover? HOT 8
- @hyperledger/anoncreds-nodejs invalid reference to binary v0.2.0-dev.5 HOT 1
- release assets HOT 2
- Non revocation proof cannot be parsed by Indy-SDK HOT 3
- Issuing credentials with optional values HOT 5
- Proofs created between AnonCreds RS and Indy SDK are different HOT 15
- Should `id` be included in AnonCreds W3C credential, or is it 'valid' to only include it in the W3C credential HOT 2
- Numbers should be included as numbers in the AnonCreds W3C VC HOT 1
- Relax DID validation on prover_did on a credential request HOT 3
- W3C CredentialSubjectId property not set correctly HOT 2
- Revocation Registry ID validation is failing HOT 6
- Data Integrity Proof Cryptosuite naming HOT 5
- Update AnonCreds Data Integrity Proof docs for the new cryptosuite value
- Initially created W3cCredential uses string for number values HOT 3
- Security best practices for verifying AnonCreds W3C VPs HOT 2
- Conversion from W3cVerifiableCredential to the legacy format fails HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anoncreds-rs.