commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject Re: [PGP] API sketch
Date Mon, 30 May 2005 01:43:35 GMT
Any more thoughts on this?

Brett Porter wrote:

>Thanks Stefan - feedback inline.
>
>Stefan Bodewig wrote:
>
> > /** @param keyId may be null to specify the default key */
> > void sign(InputStream data, OutputStream signedOutput,
> > String keyId, KeyRing keyRing, boolean asciiArmor)
> > throws PGPException;
> >
> > /** @param keyId may be null to specify the default key */
> > void detachedSign(InputStream data, OutputStream signature,
> > String keyId, KeyRing keyRing, boolean asciiArmor)
> > throws PGPException;
> >
> > SignatureStatus verifySignature(InputStream data, KeyRing keyRing)
> > throws PGPException;
> >
> > SignatureStatus verifyDetachedSignature(InputStream data,
> > InputStream signature,
> > KeyRing keyRing)
> > throws PGPException;
> >}
> >
> >
>These all look fine for most uses, but I would like a default
>implementation that builds on something like this:
>
>interface PgpSignatureUpdater {
>  void update( byte[] data )
>  void update( byte[] data, int offset, int length )
>  byte[] finish()
>}
>
>This being used to create the detached signature (I'm assuming a
>generated detached signature can be later added to the actual message,
>and that byte[] is sufficient for both binary and ascii armored output),
>and can be used in both signing and verifying. The implementation would
>take configuration specifying the keyring, ascii armoring and anything else.
>
> >class KeyRing {
> > InputSteam getStream();
> > /** @return null for a public key ring. */
> > char[] getPassPhrase();
> >}
> >
> >
> >
>Seems ok.
>
> >PGPException would be a wrapper for the real exception an
> >implementation could throw (but I wouldn't want to depend on
> >commons-lang just for NestableException).
> >
> >
>+1
>
> >SignatureStatus an enum-like class with ValidSignature, UnknownKey and
> >InvalidSignature. We may even include trust calculations here (if
> >supported), ValidTrustedSignature and ValidUntrustedSignature or
> >similar.
> >
> >
>Yes, I think all of those would be useful.
>
> >And finally
> >
> >class FooFactory {
> > static FooFactory getFactory() throws PGPException;
> > Foo newFoo() throws PGPException;
> >}
> >
> >Foo is a placeholder since (1) I can't come up with a good name right
> >now and (2) have a long track record of inventing bad names anyway.
> >
> >
>PgpSigner and PgpSignatureVerifier (I can't think of a unified name
>without coffee).
>
>- Brett
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message