incubator-general mailing list archives

From Brian Spector <>
Subject Re: [VOTE] Release Apache Milagro (incubating) Crypto Libraries v1.0.0
Date Thu, 22 Aug 2019 07:26:30 GMT
Hi, even though my vote is non-binding, as a member of the PPMC I vote:

    [ ] +1 approve

Please support our effort to get this release out.


On 21/08/2019, 16:10, "John McCane-Whitney" <> wrote:

    This is a call to vote to release the Apache Milagro (incubating) Crypto Libraries v1.0.0.
    The Apache Milagro (incubating) community has voted to approve this release with 5 x +1 votes.  The vote thread can be found here:
    (Note that my original [VOTE] email doesn't render for some reason, but its contents can be seen further down in the thread)
    And a summary of the result:
    This release includes both C and JavaScript libraries tagged as v1.0.0 in the following
    Crypto C Library:
    milagro-crypto-c is a modern cryptographic C library that focuses on Elliptic Curve Cryptography but has support for legacy systems that require RSA. There is support for three different security levels; 128, 192 and 256 bit. It has been written only in C and has no external dependencies other than an entropy source. Measures have been taken in the code base to prevent side channel attacks.  Pairing based cryptography (PBC) is a maturing field that has recently gained widespread acceptance. The library supports schemes that make use of PBC such as BLS for short signatures and MPIN for multi-factor authentication (MFA).
    Crypto JavaScript Library:
    milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has all the same functionality, API and even the intermediate calculated values in the functions are the same. This library allows you to run MFA using MPIN in the browser which, to the best of our knowledge, is the only such implementation of MFA in this context.
    Both libraries have been under active development for many years and the APIs haven't changed in several months. There are extensive tests using third party test vectors and the tooling required to deploy this software into a modern software project. We believe that the code base has reached the point that we can perform general availability (GA) releases.
    The compressed archives from these releases along with a SHA512 checksum, PGP signature and PGP key file are being staged here:
    Specifically, for the C library:
    Source code archive:
    SHA512 checksum:
    PGP Signature:
    And for the JavaScript library:
    Source code archive:
    SHA512 checksum:
    PGP Signature:
    Please note that the project's website ( has been updated to include the standard Apache incubator disclaimer and documentation for the above two libraries. Please note that download links for the above two releases have not been included, but will be as soon as the release's approval has been completed and the archives are available for public download.
    We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
    [ ] +1 approve
    [ ] +0 no opinion
    [ ] -1 disapprove with the reason
    Checklist for reference:
    [ ] Download links are valid
    [ ] Checksums and PGP signatures are valid
    [ ] DISCLAIMER, LICENCE & NOTICE files are included
    [ ] Source code archives have correct names matching the current release.
    [ ] All source code files have licence headers
    [ ] No compiled binaries are included
    [ ] Libraries build correctly and all tests pass (as per the instructions in their respective readme files) on either Windows, Mac or Linux.
    The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
    Many thanks,
    John McCane-Whitney
    Director of Product at Qredo Ltd
    T: +44 7966 490687
    1 Primrose Street
    London, UK EC2A 2EX
    Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.