Comments (1)
Hey there,
rustls only provides TLS - webauthn-rs does not use TLS at all! webauthn-rs in this case is relying on cryptographic primitives such as sha2 and ecdsa (which something like rustls combines to create a TLS implementation).
So the question you probably want to ask is "why are you using openssl over ring/other rust crate". There are multiple reasons.
First, no other rust cryptographic primitive library supports the ability to recreate a public ecdsa key from its x/y components which is required by webauthn. It's literally impossible to use any other library for the cryptographic operations we require.
Second, as I work for SUSE and we have use for this that may end up with clients, there may be requirements to use a verified cryptographic provider - which openssl is but the other rust primitives are not.
Third, openssl, for all its flaws, has many people now working on it and funding and support that other libraries simply do not have (ie libressl).
Fourth, many of the dangers/pitfalls of the openssl api aren't present in its rust bindings just by virtue of the type system.
If it helps you, this library has had a security assessment and review especially around the use of openssl and the cryptographic elements and it passed with flying colours. You can have a look and review yourself if you like :) https://github.com/kanidm/webauthn-rs/blob/master/src/crypto.rs#L323
Hope that helps,
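
The comment above says WebAuthn requires rebuilding an ECDSA public key from its x/y components. The following is an added example, not code from webauthn-rs or from the comment's author, written in dependency-free Python rather than the project's Rust/OpenSSL calls. It assumes a P-256 key whose coordinates arrive as 32-byte big-endian strings; the function names are hypothetical.

```python
# NIST P-256 (secp256r1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
COORD_LEN = 32  # bytes per coordinate

# Constructed sample input: the P-256 base point G, a known valid point.
GX = bytes.fromhex("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")
GY = bytes.fromhex("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")


def p256_point_from_xy(x_bytes: bytes, y_bytes: bytes) -> bytes:
    """Validate (x, y) and return the 65-byte SEC1 uncompressed point.

    Raises ValueError for anything that is not a point on P-256.
    """
    if len(x_bytes) != COORD_LEN or len(y_bytes) != COORD_LEN:
        raise ValueError("coordinates must be exactly 32 bytes each")
    x = int.from_bytes(x_bytes, "big")
    y = int.from_bytes(y_bytes, "big")
    if x >= P or y >= P:
        raise ValueError("coordinate is not a reduced field element")
    # Curve equation y^2 = x^3 + ax + b (mod p). P-256 has cofactor 1, so an
    # on-curve affine point is in the correct group; (0, 0) fails since b != 0.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on the P-256 curve")
    # SEC1 uncompressed encoding: 0x04 || X || Y.
    return b"\x04" + x_bytes + y_bytes


def is_valid_p256_xy(x_bytes: bytes, y_bytes: bytes) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        p256_point_from_xy(x_bytes, y_bytes)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(p256_point_from_xy(GX, GY).hex())
```

The returned bytes are the encoding that a cryptographic library's public-key import routine would then consume; signature verification itself is left to that library.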