Current specification and documentation: https://github.com/emboss/krypt/wiki
A project for a new Ruby crypto library.
Status: project building
From an implementation point of view:
- crypto primitives independent of OpenSSL
- more code in Ruby for flexibility
Martin Boßlet is going to talk about this project as a part of his presentation at RubyConf 2011. http://rubyconf.org/presentations/38
Ruby OpenSSL: Present, Future and why it matters
30 Sep 11:15 (2nd day)
- keep the good parts, improve the rest
- specification for the "minimal API"
- ideally just replace 'OpenSSL::' by 'Crypto::'
- security by default
- K I S S - simple default, but fully configurable
- forbid dangerous configuration (well, not really)
Other useful additions (if possible)
- integration of “secure storage”
- engine integration (PKCS#11, ...)
- Take existing implementation
- Iterate API (API for user) design through 2 implementations
- An implementation based on ossl+OpenSSL
- An implementation based on jruby-ossl+JCE (for JRuby)
- Design SPI (API for engine; NSS, PKCS#11) later
- Make it work and release as soon as possible
- Replace it step by step
- Graceful migration from ossl
- Existing scripts which use basic ossl features should work by just replacing OpenSSL -> Crypto
-  is what I and gotoyuzo talked about the hierarchy in August.
- Using DER as universal serialization format
- release as a gem first
- gem name? (crypt and crypto are not available on rubygems.org)
- > 50% of current ext/openssl is about ASN.1
- use Asn1::Template by emboss
- more code in Ruby
- flesh out minimal API to support crypto primitives: Cipher / Digest / ASN1 / RSA / DSA / ECC

    class ASN1
      def self.decode(der)
      end
    end

- multiple implementations of this minimal API possible
- Mozilla NSS ?
- GNU gcrypt ?
- CAPI (Windows) ?
- CommonCrypto (OS X) ?
use Asn1::Template and the minimal API to implement the rest
- PKCS7 (-> CMS::SignedData)
- Martin Boßlet: ruby committer(emboss), (one of) current OSSL(ext/openssl) maintainers - http://github.com/emboss, Martin.Bosslet@googlemail.com
- Hiroshi Nakamura: ruby committer(nahi), a contributor to old OSSL project - http://github.com/nahi, nahi (Hiroshi Nakamura), firstname.lastname@example.org
- GOTOU Yuuzou (Observer): ruby committer(gotoyuzo), one of the original OSSL authors - gotoyuzo (GOTOU Yuuzou)
Those who are interested in participating, please contact us.