Adding a new cryptographic library as TW Plugin

TW_cypher
I wonder if it would be possible to enhance crypto in TW by using ed25519 key pairs crypto?

Then “keylocker” could use public keys to address private key owners only

This library is providing it

I wonder if anyone could help me “make it a plugin”

1 Like

I don’t remember exactly but I think I recall there was talk at one point to consider LibSodium as it can compile to WASM. However the SJSC lib has the advantage of being small-(ish) and convenient to be included as core within the HTML. I think that lib sodium was a bit too heavy to be part of the base size of TW.

One of the issues is that any crypto code must be separate from tiddlers or plugins as it is needed for bootstraping the TW system (in the same way the core code is).

Sure a different crypto lib could be used to replace the SJSC lib though doing so I think might be an exercise for someone willing to fork their own modified version as SJSC is just so convenient for the official TW code base.

1 Like

The advantage of the built in crypto library is, that it is completely self contained, with no external dependencies.

Your suggested library seems to have 8 external dependencies: package.json · main · libs / G1lib.js · GitLab. Several of them have other dependencies.

Only 1 package has some info about 3rd party auditing. I don’t see, why a crypto library needs node-fetch as a dependency, which in turn have plenty more dependencies … node-fetch is for networking and imo has nothing to offer for a crypto library.

If it is “compiled” and minified, how big is it the whole stuff?

I personally wouldn’t touch it.

1 Like

I don’t know the exact size, but for “browser only” packaging is without dependencies

This discussion is parallelized with G1lib maintainer

Could there be an advantage having the encryption and decryption as seperate plugins?.

It seems there may be cases where one would selectively install and de-install these components, made very easy with bookmarklets.

  • For example install the decryption component to view content but the save mechanism does not commit it/them to the wiki.

:candle:
Thanks to this “double thread” it appears that a minified version exists (67kB)

https://unpkg.com/g1lib@3.4.2/browser/crypto.mjs

Now I need to “retro engineer” the “action locker” button
and understand how to “plug” g1lib.

Not to make a big mess, Is there any system “$:/” path I should know?

@jeremyruston
or anyone else may be knowing who has introduced the actual “crypto layer”?
I’d be pleased to discuss with

hmmm, Just because something is packaged for a browser doesn’t mean, that it’s dependency free. It only means it is 1 file, which contains all the code.

Where the code comes from is important. If it is spread over more than 1 repository, it “has” dependencies. … It’s OK to spread the code.

BUT for a crypto library, that you need to trust, it’s needed to be able to completely understand the code and how it is built, not just include a minified js file and trust it.

Since I can’t read French, I can’t read the other discussion. So I’m out.

Since I use deepl.com i can read and write english, and even more :wink: