Unfortunately Crypt::Perl::Ed25519 is not base on crypto RFCs. It is a port from Javascript and the math appears dubious [0].
Static analyzer results on libcryptx-perl are not happy, but fixable--especially after reducing the codebase. If libtomcrypt were updated to upstream's most recent commit instead of version, it *might* be a cleaner implementation for minimization.
Ideally we could use crypto software we already maintain, like OpenSSL. Please consider creating and maintaining a wrapper for `Crypt::OpenSSL::Ed25519` as a fourth option. The wrapper would be for [1].
The maintainers of libmail-dkim-perl might switch over if we do this :)
I spoke to @tobhe for a crypto review.
Unfortunately Crypt:: Perl::Ed25519 is not base on crypto RFCs. It is a port from Javascript and the math appears dubious [0].
Static analyzer results on libcryptx-perl are not happy, but fixable--especially after reducing the codebase. If libtomcrypt were updated to upstream's most recent commit instead of version, it *might* be a cleaner implementation for minimization.
Ideally we could use crypto software we already maintain, like OpenSSL. Please consider creating and maintaining a wrapper for `Crypt: :OpenSSL: :Ed25519` as a fourth option. The wrapper would be for [1].
The maintainers of libmail-dkim-perl might switch over if we do this :)
[0] https:/ /metacpan. org/release/ FELIPE/ Crypt-Perl- 0.38/source/ lib/Crypt/ Perl/Ed25519/ Math.pm /www.openssl. org/docs/ man3.0/ man7/Ed25519. html
[1] https:/