Thursday, June 9, 2016

How do I correctly use libsodium so that it is compatible between versions?


I'm planning on storing a bunch of records in a file, where each record is then signed with libsodium. However, I would like future versions of my program to be able to check signatures the current version has made, and ideally vice-versa.

For the current version of Sodium, signatures are made using the Ed25519 algorithm. I imagine that the default primitive can change in new versions of Sodium (otherwise libsodium wouldn't expose a way to choose a particular one, I think).

Should I...

  1. Always use the default primitive (i.e. crypto_sign)
  2. Use a specific primitive (i.e. crypto_sign_ed25519)
  3. Do (1), but store the value of sodium_library_version_major() in the file (either in a dedicated 'sodium version' field or a general 'file format revision' field) and quit if the currently running version is lower
  4. Do (3), but also store crypto_sign_primitive()
  5. Do (4), but also store crypto_sign_bytes() and friends

...or should I do something else entirely?

My program will be written in C.
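Options 3 to 5 in the list above amount to a file header that records the format revision, the signature primitive and its sizes, checked before any signature is verified. The following C is an added example, not part of the original question and not libsodium code. The header layout, the SREC magic and all function names are assumptions, and the Ed25519 values are passed as constants so it builds without linking libsodium.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical header layout (an assumption, not a libsodium format):
 * magic[4] | format_rev u16 LE | primitive[16] NUL-padded | sig_bytes u16 | pk_bytes u16 */
#define HDR_MAGIC "SREC"
#define PRIM_LEN  16
#define HDR_LEN   26

typedef enum { HDR_OK, HDR_TRUNCATED, HDR_BAD_MAGIC, HDR_NEWER_FORMAT,
               HDR_PRIMITIVE_MISMATCH, HDR_SIZE_MISMATCH } hdr_status;
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static size_t get16(const uint8_t *p) { return (size_t)p[0] | ((size_t)p[1] << 8); }

/* In the real program prim, sig and pk would come from crypto_sign_primitive(),
 * crypto_sign_bytes() and crypto_sign_publickeybytes(). Returns 0, or -1 on bad input. */
int hdr_write(uint8_t out[HDR_LEN], size_t rev, const char *prim, size_t sig, size_t pk) {
    size_t n = strlen(prim);
    if (n == 0 || n >= PRIM_LEN || rev > 0xffff || sig > 0xffff || pk > 0xffff) return -1;
    memset(out, 0, HDR_LEN);
    memcpy(out, HDR_MAGIC, 4);
    put16(out + 4, rev);
    memcpy(out + 6, prim, n);
    put16(out + 22, sig);
    put16(out + 24, pk);
    return 0;
}

/* Refuse the file up front if it was written with a newer format revision or
 * with a different primitive/sizes than the running library reports. */
hdr_status hdr_check(const uint8_t *buf, size_t len, size_t max_rev,
                     const char *prim, size_t sig, size_t pk) {
    if (len < HDR_LEN) return HDR_TRUNCATED;
    if (memcmp(buf, HDR_MAGIC, 4) != 0) return HDR_BAD_MAGIC;
    if (get16(buf + 4) > max_rev) return HDR_NEWER_FORMAT;
    if (buf[6 + PRIM_LEN - 1] != 0 || strcmp((const char *)buf + 6, prim) != 0)
        return HDR_PRIMITIVE_MISMATCH;   /* name field must be NUL-terminated */
    if (get16(buf + 22) != sig || get16(buf + 24) != pk) return HDR_SIZE_MISMATCH;
    return HDR_OK;
}

/* Constructed sample: a revision-1 file written with Ed25519 (64-byte signature,
 * 32-byte public key), checked against what the running library would report. */
hdr_status check_sample(const char *running_prim, size_t running_sig) {
    uint8_t h[HDR_LEN];
    if (hdr_write(h, 1, "ed25519", 64, 32) != 0) return HDR_TRUNCATED;
    return hdr_check(h, sizeof h, 1, running_prim, running_sig, 32);
}

int main(void) { return check_sample("ed25519", 64) == HDR_OK ? 0 : 1; }
```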

0 Answers
