Description
Awala uses RSA-PSS keys for digital signatures and ECDH with NIST curves (e.g., P-256) for encryption, but we want to migrate to 25519/448.
Digital signatures (RSA-PSS to EdDSA)
We want to drastically reduce the size of the certificates attached to RAMF messages. One drawback, however, is that verifying a signature takes a lot longer with Ed25519 vs RSA-2048 (signature production is faster, but it doesn't matter in Awala -- signatures are checked a lot more often).
RSA-PSS would still be supported but no longer recommended.
Encryption (ECDH with NIST curves to X25519/X448)
NIST curves are controversial, and I don't want that FUD to extend to Awala.
NIST curves would still be supported but no longer recommended.
Why we can't do it yet
These curves are natively supported across all the platforms we support today. However, we also need our third-party cryptographic libraries to support them in their CMS SignedData and EnvelopedData implementations:
- BouncyCastle, used by the Awala Kotlin library on the JVM and Android, appears to support them.
- PKI.js, used on Node.js, does not support them.
For the record, I've had public and private conversations with the Peculiar Ventures team about adding support for these curves in PKI.js, and I've also asked Google to support EdDSA and X25519/X448 on their Cloud KMS.