From f606f7e263a96e005cf6153a6db8fe00d465640f Mon Sep 17 00:00:00 2001 From: Henrik Hautakoski Date: Thu, 23 Mar 2023 17:17:43 +0100 Subject: [PATCH] README.md: Update to reflect the use of libsecp256k1 --- README.md | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 40bb6d7..b9ded7c 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,19 @@ NOTE: This repository has no connection to the official EOS code. You will need `openssl` development files (version 1.1 or later) to compile and `cmake 3.15` or later to compile this project. +### Elliptic curve backend + +There is two different backend implementation for the elliptic curve part of the library: + +* `OpenSSL` as mentioned before. however you still need to link to openssl even if it is not used as the EC backend + because more of the codebase uses it. + +* `libsecp256k1` + +Default is to use `libsecp256k1` as it is more optimized. + +You can switch implementation by modifing the cmake variable `EC_LIB`. + ### CMake You can install `cmake` by reading the [official guide](https://cmake.org/install). @@ -96,13 +109,14 @@ C:\repo> cmake --build build --config Release ## Security notice -Keys are generated by `OpenSSL`'s `EC_KEY_generate_key` function. The library will -never expose keys to anything but the computers memory (and standard output if you call such a function of course). +Elliptic curve crypthographic operations is done using either `OpenSSL` or `libsecp256k1` libraries. +This library (libeosio) will never expose sensitve cryptographic information +to anything but the computers memory. You are free to inspect the source code and compile yourself to verify. However, use this at your own risk. we cannot guarantee that the keys are -cryptographically secure as this depends on OpenSSL's implementation (alto it is -widely used and should be safe) +cryptographically secure as this depends on the elliptic curve +implementation (alto both OpenSSL and libsecp256k1 are widely used and should be safe) Please read the `LICENSE` file.