[bisq-network/bisq] Remove bcprov from direct dependencies - a major step towards eventually removing Bouncy Castle (#3195)
battleofwizards
notifications at github.com
Tue Sep 3 13:32:34 UTC 2019
This removes `org.bouncycastle:bcprov` from **direct** dependencies.
We still depend on this jar **indirectly** via `bouncycastle:bcpg`, which is used for PGP signature verification of Bisq Desktop updates.
This gets us closer to prospect of removing Bounce Castle dependency entirely in the future.
Rationale for this direction:
* We are really only using Bouncy Castle for PGP sig verification
* Java's builtin cryptography got vastly better since 2000; no more key length restrictions
* We should prefer boring and proven cryptography anyway
* Australian projects should be considered compromised and Bouncy Castle is managed by Australian non-profit organization
* Bouncy Castle is a heavy dependency totaling 3.6MB
In the process:
* Ergo coin got removed
* BC Base64 got replaced with Java's builtin version (which is much faster BTW)
* BC Hex got replaced with Guava's version
Note to reviewers: individual commits are easier to review than full diff. They also provide more details.
You can view, comment on, or merge this pull request online at:
https://github.com/bisq-network/bisq/pull/3195
-- Commit Summary --
* Replace bouncycastle Hex with guava Hex
* Replace bouncycastle Base64 with java builtin Base64
* Remove Ergo coin as prep to remove Bouncy Castle
* Remove bouncycastle:bcprov from *direct* dependencies
-- File Changes --
D assets/src/main/java/bisq/asset/coins/Ergo.java (66)
M assets/src/main/resources/META-INF/services/bisq.asset.Asset (1)
D assets/src/test/java/bisq/asset/coins/ErgoTest.java (48)
M build.gradle (3)
M common/src/main/java/bisq/common/crypto/CryptoUtils.java (1)
M common/src/main/java/bisq/common/crypto/Encryption.java (5)
M common/src/main/java/bisq/common/crypto/PGP.java (5)
M common/src/main/java/bisq/common/crypto/Sig.java (6)
A common/src/main/java/bisq/common/util/Base64.java (33)
A common/src/main/java/bisq/common/util/Hex.java (31)
M core/src/test/java/bisq/core/crypto/EncryptionTest.java (5)
M p2p/src/main/java/bisq/network/p2p/storage/P2PDataStorage.java (5)
M pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java (5)
-- Patch Links --
https://github.com/bisq-network/bisq/pull/3195.patch
https://github.com/bisq-network/bisq/pull/3195.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/3195
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190903/6128884e/attachment.html>
More information about the bisq-github
mailing list