-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using eosjs-ecc, should migrate to eosjs v21 methodology #136
Comments
@bradlhart May I know the reason of changing eosjs-ecc to elliptic? any referencing discussion? |
@bradlhart Why don't we just change this within eosjs-ecc library instead and keep it as a generic library for Just want to have a clarification of the necessity on this change. |
elliptic is a more widely used package and can be easily used with eosjs. As a result, the need for a second elliptic library (eosjs-ecc) is no longer necessary. eosjs v21 includes several classes to convert and use signatures as well as private and public keys (https://github.com/EOSIO/eosjs/releases/tag/v21.0.0-rc1). Additionally, we are adding helper functionality for some of the widely used functions in eosjs-ecc so that most developers don't need to use elliptic directly (EOSIO/eosjs#653). However, you mentioned that you wanted to generate a key pair and that functionality won't be added so that it's not encouraged to generate private keys in production in the browser as it is insecure. |
eosjs-ecc is a copy-pasta of multiple open-source repos. The code fell behind updates to the original repos, and one of original repos (the one some of the key crypto functions was copied from) went out of maintenance. We don't have anyone available who can check eosjs-ecc for security vulnerabilities which may have already been fixed in newer libraries and keep it up to date. eosjs 21 relies on a well-maintained crypto library so we can avoid this maintenance problem going forward. |
With the near release of eosjs v21, a push from eosjs-ecc to elliptic has been decided. This repository utilizes eosjs-ecc and should migrate to the new methodology using eosjs v21 and elliptic.
Before the release of eosjs v21, the eosjs edge release on npm will have the necessary functionality as well as the elliptic npm package to create a branch for this repo ready to release after eosjs v21.
Please see related PRs for example migrations:
EOSIO/eosio-reference-chrome-extension-authenticator-app#37
EOSIO/ual-scatter#56
EOSIO/eosjs-ledger-signature-provider#32
The text was updated successfully, but these errors were encountered: