Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add EdDSA/ed25519 ISignatureVerifier #62

Closed
Deadpikle opened this issue Jun 23, 2019 · 8 comments
Closed

Add EdDSA/ed25519 ISignatureVerifier #62

Deadpikle opened this issue Jun 23, 2019 · 8 comments
Labels
enhancement good first issue
Milestone
2.0.0

Comments

@Deadpikle
Copy link
Collaborator

Deadpikle commented Jun 23, 2019
edited
Loading

See vslavik/winsparkle#187 and changes in Sparkle. Would need to create a new class that implements ISignatureVerifier.
@Deadpikle Deadpikle added this to the 2.x milestone Mar 22, 2020
@Deadpikle
Copy link
Collaborator Author

There's an ed25519 library compliant with .NET Standard here: https://github.com/Deadpikle/Chaos.NaCl (forked from https://github.com/CodesInChaos/Chaos.NaCl). It's in the public domain. If that were to be referenced from our project, implementation would be fairly straight forward.

@Deadpikle Deadpikle changed the title Deprecate DSA in favor of EdDSA Add EdDSA ISignatureVerifier Apr 26, 2020
@Deadpikle Deadpikle changed the title Add EdDSA ISignatureVerifier Add EdDSA/ed25519 ISignatureVerifier Apr 26, 2020
@Bren2010
Copy link

Bren2010 commented Jun 2, 2020
edited
Loading

@Deadpikle If this is easy, do you mind doing it? DSA-SHA1 signatures haven't been secure for many years, and it would be nice to have a secure option

Edit: I did try to do it myself, but got lost in the weeds

@Deadpikle
Copy link
Collaborator Author

@Bren2010 I will try to do it within the next week if I can!

@mphill
Copy link
Contributor

mphill commented Jun 5, 2020

Just wanted to chime in, I added Ed25519 support the to AppCastGenerator last night.

DSACryptoServiceProvider is a thin windows only wrapper. Can't generate keys on linux / mac.

I can implement ISignatureVerifier for Ed25519 this weekend, we can switch the project over to Ed25519 if you want.

Let me know.

@Deadpikle
Copy link
Collaborator Author

I was planning to work on it this Sunday if I could. I don't mind if you open a PR for it, but there's no rush. I'll check again Sunday whenever-I-get-to-it to see if you've done it already; if not, I'll work on it. (Also planning to look at your other PR on Sunday.)

I am planning/will want unit tests for Ed25519 stuff. We'll also need a new/updated command line tool for verifying/checking/generating Ed25519 keys.

I really appreciate your help, here.

@mphill
Copy link
Contributor

mphill commented Jun 6, 2020

https://github.com/mphill/NetSparkle

I didn't do a PR yet, but I already merged the command line checker into the app cast app and created Ed25519Checker.

These are the new options:

 --generate-keys                   Generate keys

  --force                           Force regeneration of keys

  --generate-signature              Generate signature from binary

  --verify                          Binary to verify

@Deadpikle Deadpikle modified the milestones: 2.1+, 2.0.0 Jun 7, 2020
@Deadpikle
Copy link
Collaborator Author

@Bren2010 Ed25519 support is now on develop and is in v2.0.0-preview20200607001 (available once CD finishes) along with many updates to the app cast generator tool! Please test it out and let us know if you have any issues.

@Bren2010
Copy link

Bren2010 commented Jun 8, 2020

Thank you!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement good first issue
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
3 participants
@Bren2010 @mphill @Deadpikle