Cryptography and Julia

sambitdash · July 15, 2017, 6:31am

Hi All,

Is there any thoughts provided in supporting Cryptographic functions in Julia? I did not see any native crytographic API for Julia, hence wondered if there is any in the roadmap currently. The largest concern with Cryptography I have is related to the legal compliance and export concerns with countries where export restrictions apply. ECCN classification of the software need to be maintained in every release and how they are to be tracked in the long run.

Another option may be to use the platform level cryptographic capabilities only and not develop any new algorithm in the Julia base such that those can be used based on the availability of the APIs in the underlying platform. Export compliance may be easier as they are mere extension of what is there in the platform. That way any package using only those APIs may not have to individually worry about their export compliance needs. Moreover, FIPS compliance other such requirements may be obtained by reference to platform than specifically applying for it.

Please share your thoughts and experience around this.

tkelman · July 15, 2017, 6:57am

Which algorithms specifically are you looking for? There are fairly well-supported Julia bindings for MbedTLS available at https://github.com/JuliaWeb/MbedTLS.jl/, and the C library itself is bundled with Julia on all platforms (and used by the package manager for https support on Linux and ssh support on Mac).

That’s not to say that platform-specific bindings to Apple CommonCrypto, WinCNG, and maybe OpenSSL wouldn’t be useful though. Depends what you’re going for.

sambitdash · July 15, 2017, 7:12am

Thanks @tkelman

This is definitely great information. I was looking for some symmetric encryption options like AES256 or hashing algorthms like SHA256. Now that I know the API let me see if there is a FIPS compliant version of the same. OpenSSL various versions have FIPS compliance certified. Moreover, most major platforms like Apple, Hence, may be useful if used.

Does Julia go through a ECCN classification survey for all released versions or it’s expected to be carried out by the third party integrating with Julia?

regards,

Sambit

sambitdash · July 15, 2017, 7:15am

Ok. I got the additional info I needed as well:

https://tls.mbed.org/kb/generic/is-mbedtls-fips-certified

They may do it sometime soon. But not at this point in time.

regards,

Sambit

Christian_Dengler · January 19, 2024, 9:47am

For those still looking into this topic, I found a simple to use AES implementation in the Nettle package https://github.com/JuliaCrypto/Nettle.jl .