[Authentication] SKS/KeyGen2 for Linux

Anders Rundgren anders.rundgren.net at gmail.com
Mon Aug 19 01:39:10 PDT 2013


Having been encouraged by a message from Mr. Linu{s|x} himself, that
"the security people will never agree on anything" (which probably is correct...),
I will slowly but surely port the SKS/KeyGen2 concept to Linux:
https://openkeystore.googlecode.com/svn/resources/trunk/docs/sks-api-arch.pdf

Unfortunately I have reached a temporary setback because I have found
out that Google will never support XML Schema in Android which makes KeyGen2
dependent on ports of pretty giant third-party libraries like Apache's XML suite.
In addition, the web-world seems to be hooked on JSON so this is what KeyGen2
will be rewritten in. However, using JSON isn't completely without issues either:

http://webpki.org/papers/PKI/converting-xmldsig-2-json.pdf

Since SKS/KeyGen2 anyway relies on concepts that have very little support in standards
like SM (Secure Messaging), I'm probably going to use proprietary definitions of JSON
crypto objects for the reasons just stated.  The parser will probably check in at 3K-5K
lines so it is not really comparable to the 200K line (!) XML XSD/DSig.

On the lower-end of things, the SKS, I will swap the WS-interface for serialized binary
that should run fine both with Android's "binder" and Linux' D-Bus.  The client-code
for all implementations will (like the current WS-interface
https://code.google.com/p/openkeystore/source/browse/library/trunk/build/sks-ws-descriptor.xml)
be auto-generated from a single definition file.  Skipping WS will make it much simpler.

Cheers
Anders


