In discussion https://forum.dlang.org/thread/osnema$d5s$1@digitalmars.com it became clear, including crypto logic into phobos might be a pandora box and should be avoided. An alternative is to provide a crypto interface within phobos with implementations for SChannel (windows api), mbedtls, openssl, ... As a starting point, I am interested in RSA Digital Signature Validation but The crypto interface should be open for any algorithm.
*** Issue 16510 has been marked as a duplicate of this issue. ***
Hmm, not sure if this wouldn't be a huge effort for Phobos + given that crypto needs to be able to be patched within hours, I'm inclined to make this a WONTFIX too. The best library solution I know is this https://github.com/LightBender/SecureD
(In reply to Seb from comment #2) > Hmm, not sure if this wouldn't be a huge effort for Phobos + given that > crypto needs to be able to be patched within hours, I'm inclined to make > this a WONTFIX too. > > The best library solution I know is this > https://github.com/LightBender/SecureD If in Phobos crypto functionality isn't directly implemented but a nice wrapper is available around operation system crypto libraries (on windows SChannel) / OpenSSL /... then neither Phobos needs to be patched nor the application developer needs to ship a new version of his application. The crypto fix will be provided by the operation system (windows update in case of windows...) (Delphi is using this approach) What I suggest is a crypto interface in Phobos with implementations for SChannel / OpenSSL / ...
THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/phobos/issues/10269 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB