Adding standalone RSA code
Colin Percival
colin.percival at wadham.ox.ac.uk
Thu Dec 9 20:59:12 PST 2004
I'd like to add a new library for lightweight barebones RSA
computations, and associated commandline rsa-makekey, rsa-sign,
and rsa-verify utilities.
To a certain extent, this duplicates existing functionality
(openssl), but I think my code has important advantages which
justify the duplication:
1. It is lightweight (around 2% of the size of openssl), which
may allow it to be used in memory-limited environments,
2. It is far more auditable, due to its smaller size, and
3. It is designed for security rather than performance; I made
certain design decisions which result in my code being rather
slower than openssl as a result of a desire to avoid potential
attack vectors.
My reason for wanting to add this code is that I'm using it
in FreeBSD Update (and recently portsnap as well) and this is
the first step towards migrating that into the base system.
Any objections?
Colin Percival
More information about the freebsd-arch
mailing list