oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simone Tripodi <simone.trip...@gmail.com>
Subject Re: svn commit: r962443 - /incubator/amber/trunk/spec-api/src/main/java/org/apache/amber/signature/SignatureMethod.java
Date Fri, 09 Jul 2010 08:43:06 GMT
Hi Pid,
in that way you're able to verify an HMAC signed signature with an RSA
verifying key, that's wrong by nature.

> +
> +    /**
> +     * @param value
> +     * @return key
> +     */
> +    SigningKey createSigningKey(String... value);
> +
> +    /**
> +     * @param value
> +     * @return key
> +     */
> +    VerifyingKey createVerifyingKey(String... value);
>

uhm I really don't think keys have to be generated by an algorithm
that the task to sign/verify a signature, Keys can be defined
independently by the algorithm implementation.
BTW I was integrating the Signature api to the implementation to the
already existing codebase and that modification broke my work, can you
please advice me before you want to modify it, to avoid we both have
problems? Can you please rollback that class? Thanks in advance, very
appreciated :)
Simo

http://people.apache.org/~simonetripodi/
http://www.99soft.org/

Mime
View raw message