From Fedora Project Wiki

No edit summary
No edit summary
Line 1: Line 1:
{{admon/warning|Historical content|This page is retained as a historical record. The crypto consolidation effort is no longer pursued by the Fedora project. We work towards integrating the various libraries to the operating system, for applications to behave consistently, independent of the crypto implementation. Later features - [[Features/SharedSystemCertificates]] and [[Packaging:CryptoPolicies]] - create a common CA certificate store and ensure consistent crypto policies on the main crypto libraries we ship.}}
= Fedora Crypto Consolidation - History =


= Fedora Crypto Consolidation - History =
Over the years there were  attempts to consolidate cryptographic libraries in Fedora. The previous crypto consolidation effort is no longer pursued by the Fedora project. This page is retained as historical record, and to provide a simple guideline in selecting a crypto back-end when choice exists. 
[https://fedoraproject.org/wiki/FedoraCryptoConsolidationBackup Proceed to the historical record of the Crypto Consolidation Project].
 
= Selecting a crypto library =
 
For applications which may provide multiple cryptographic back-ends, our recommendation is to utilize the back-end preferred by the upstream project/developer, as long as it does integrate with the Fedora system, that is, following [[Packaging:CryptoPolicies]] and [[Features/SharedSystemCertificates]].  When considering integration with Red Hat Enterprise Linux, it is preferred to utilize one of the following crypto libraries (in no particular order).
 
* NSS
* GNUTLS
* OpenSSL
* libgcrypt


[https://fedoraproject.org/wiki/FedoraCryptoConsolidationBackup Proceed to the historical content]
Although nettle is available as a cryptographic back-end, it is not recommended to use since [https://access.redhat.com/articles/rhel-abi-compatibility there is no API or ABI stability guarrantee].

Revision as of 11:02, 28 March 2017

Fedora Crypto Consolidation - History

Over the years there were attempts to consolidate cryptographic libraries in Fedora. The previous crypto consolidation effort is no longer pursued by the Fedora project. This page is retained as historical record, and to provide a simple guideline in selecting a crypto back-end when choice exists. Proceed to the historical record of the Crypto Consolidation Project.

Selecting a crypto library

For applications which may provide multiple cryptographic back-ends, our recommendation is to utilize the back-end preferred by the upstream project/developer, as long as it does integrate with the Fedora system, that is, following Packaging:CryptoPolicies and Features/SharedSystemCertificates. When considering integration with Red Hat Enterprise Linux, it is preferred to utilize one of the following crypto libraries (in no particular order).

  • NSS
  • GNUTLS
  • OpenSSL
  • libgcrypt

Although nettle is available as a cryptographic back-end, it is not recommended to use since there is no API or ABI stability guarrantee.