Security Notes
Audits
This extension relies on the following Rust libraries ("crates") for performing its cryptographic operations.
- RustCrypto's chacha20poly1305 crate is a pure Rust implementation of RFC 8439. This library has received a security audit by NCC Group, with no significant findings. The report confirmed that the implementation uses recommended constant-time techniques. The report is available here.
- RustCrypto's RSA crate is a pure Rust implementation of the RSA cryptosystem. This library has received one security audit by Include Security, with only one minor finding which has since been addressed. The report is available here.