Proposal for a Desktop Neutral Crypto API
Brad Hards
bradh at frogmouth.net
Sat Apr 2 08:34:41 EEST 2005
On Sat, 2 Apr 2005 06:30 am, Nielsen wrote:
> I've drafted a proposal for a DBUS encryption API. It's meant to be
> desktop neutral, and encryption system neutral (ie: OpenPGP vs. S/MIME).
>
> The Draft:
> http://freedesktop.org/wiki/Crypto
Apart from the "remember what we did last time", I'm not sure what this is
meant to provide in terms of additional functionality over what could be done
with a shared library. Can you explain what you are trying to achieve by a
crypto API? If I understood that, I might be able to make a more informed
comment.
First look over:
* why the choice of key types (openpgp and smime)?
* are you trying to replace existing key agenst (eg for ssh or GPG)?
* what is the format for org.freedesktop.Crypto.Keys.ImportKeys and
ExportKeys?
* how do you handle usage specific trust (eg I trust a certificate or key for
a game server, but I wouldn't trust that certificate for my online banking)?
* org.freedesktop.Crypto.TextOperations.EncryptText() and .DecryptText()
appear to be pretty GPG centric. What if I want to encrypt with Blowfish, CBC
mode, with a specific IV, PKCS7 padding?
* same for TextOperations.signText and VerifyText. What if I just want to do
HMAC using SHA256?
*same for URIOperations.
* are you confident that DBUS is secure enough for this?
Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050402/71ef4c81/attachment.pgp
More information about the xdg
mailing list