Comment 4 for bug 2046154

I spoke to @tobhe for a crypto review.

Unfortunately Crypt::Perl::Ed25519 is not base on crypto RFCs. It is a port from Javascript and the math appears dubious [0].

Static analyzer results on libcryptx-perl are not happy, but fixable--especially after reducing the codebase. If libtomcrypt were updated to upstream's most recent commit instead of version, it *might* be a cleaner implementation for minimization.

Ideally we could use crypto software we already maintain, like OpenSSL. Please consider creating and maintaining a wrapper for `Crypt::OpenSSL::Ed25519` as a fourth option. The wrapper would be for [1].

The maintainers of libmail-dkim-perl might switch over if we do this :)

[0] https://metacpan.org/release/FELIPE/Crypt-Perl-0.38/source/lib/Crypt/Perl/Ed25519/Math.pm
[1] https://www.openssl.org/docs/man3.0/man7/Ed25519.html