Top 3 C Signature Projects

• CreepyCodeCollection

  3 2,346 0.0 C

  A Nonsense Collection of Disgusting Codes

• stunning-signature

  1 197 0.0 C

  Native Signature Verification For Android (with example)

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• libsodium-signcryption

  7 57 0.0 C

  Signcryption using libsodium.

Project mention: Macaroons Escalated Quickly | news.ycombinator.com | 2024-01-31

I like the "solve the now" perspective here, and having code examples is very helpful to understand some of the rational behind the approach. Having read your previous "tedious survey"[0] post on various token formats, I generally agree with a lot of your conclusions. Curious though about your thought process wrt macaroons vs biscuits.

To me the one major downside of macaroons has always been the single shared root symmetric key. Many use cases are addressed by third party attenuation, but then there are the problems like key rotation, having to do online verification, no built in encryption, no peer-to-peer support through an "untrusted" fly.io, and no third party token verification without decryption like in signcryption[1] schemes. Of course this is traded off by having to do PK issuance and management so I can see the simplicity of it.

Is fly.io scoping this pretty hard to just auth tokens with third party attenuation, or do you see further development and maybe moving to other token systems like biscuit when/if the need arises to address those known issues?

fwiw I've done a bit of research work myself on a token format using signcryption [2] where I explored addressing some of these ideas (but not the attenuation side of it yet, which I get is a big deal here).

[0] https://fly.io/blog/api-tokens-a-tedious-survey/

[1] https://github.com/jedisct1/libsodium-signcryption

[2] https://github.com/michelp/pgsodium/blob/feat/signcryption-t...

C Signature related posts

• Macaroons Escalated Quickly
  4 projects | news.ycombinator.com | 31 Jan 2024
• Creepy Code Collection: A Nonsense Collection of Disgusting Codes
  1 project | news.ycombinator.com | 6 Oct 2022
• Show HN: Pgsodium – A Crytographic PostgreSQL Extension
  4 projects | news.ycombinator.com | 10 Jan 2022
• Pgsodium 2.0.0: Modern cryptography for PostgreSQL
  3 projects | news.ycombinator.com | 9 Jan 2022
• pgsodium 2.0.0: Modern cryptography for PostgreSQL
  3 projects | /r/PostgreSQL | 9 Jan 2022
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending C projects with our weekly report!