On Jan 14, 2014, at 1:19 AM, jonat...@mugginsoft.com wrote: > As Jens comments the security APIs are ridiculously opaque. > Perhaps this is seen as a necessity in the serious world of crypto - perhaps > it is just hard to avoid. However, it is a liability.
Crypto is inevitably sort of complex, but Apple’s to blame for some bad (and downward-trending) API design and poor documentation. Other crypto APIs that I’ve seen are much clearer. > By comparison libcrypto is pretty straightforward. > The only problem with retaining it is the extra complexity involved in > integrating the static library build into the project and upgrading the > source. My reservation about using libcrypto would be key storage. The Keychain is a pretty great thing — a secure place to store keys that’s well-integrated into the OS. I don’t know how OpenSSL stores keys, but if it’s using some other mechanism, it’s probably less secure. This thread should probably move to apple-cdsa (which is the fittingly-obscure name for the security/crypto mailing list.) —Jens _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com