curve25519-dalek unmaintained

Question

npmccallum opened this issue 3 years ago · 3 comments

I filed a PR against curve25519-dalek to update dependencies:

However, it appears that the crate is unmaintained and forces old dependencies all downstreams. There are numerous PRs requesting dependency updates that have all been ignored: https://github.com/dalek-cryptography/curve25519-dalek/pulls

I recommend we drop this curve OR make it optional until such time as a practical implementation can be made.

Answer 1 · 2022-07-15T16:04:29.000Z

There's curve25519-dalek-ng, a fork that resulted from an internal drama, but the last release is actually older than curve25519-dalek.

An alternative would be to use BoringSSL (that supports X25519 and Ed25519).

Answer 2 · 2022-07-15T16:33:47.000Z

We've had some previous requests to fork the dalek crates under @RustCrypto.

If that sounds interesting to you, it'd be helpful if you could leave a note about your use cases on this issue: RustCrypto/elliptic-curves#497

Answer 3 · 2022-09-20T15:56:48.000Z

ed25519-dalek was replaced with ed25519-compact.