Suggest moving off of ecdsa-secp256r1 npm package in favor of @noble/curves #12
Comments
jrayback
changed the title
|
To my knowledge the r1 curve is needed for compatibility with something on Apple devices. The k1 curve is from the Bitcoin community I believe. |
|
Ok. @kentbull , thanks. I'm not an expert. Do others have a POV? |
|
r1 is a NIST approved curve k1 is not, so anyone using KERI for government applications will want r1. Apple's secure enclave only supports r1. |
|
@SmithSamuelM , ok. Great info. Ok. I'll dig into see if there are better r1 options. |
|
I see no obvious replacement for the package we're using. In fact, seems to be used elsewhere as well. I recommend that we stick with it until/unless the maintenance issue becomes a problem. I'm closing this issue. |
|
Seems from comment by @AlexAndrei98 in #7 that the r1 curve is supported in @nobles. I'll look at it. |
See #7 , this is a similar situation. the ecdsa-secp256r1 looks like it hasn't been touched in five years. @noble/curves is being actively maintained and is audited. A potential issue is that @noble/curves only supports secp256k1. Is this algorithm of acceptable strength to support our use case? If so, I recommend switching to the better maintained, audited package.
The text was updated successfully, but these errors were encountered: