Proposal for a Desktop Neutral Crypto API

Brad Hards bradh at frogmouth.net
Sat Apr 2 08:34:41 EEST 2005


On Sat, 2 Apr 2005 06:30 am, Nielsen wrote:
> I've drafted a proposal for a DBUS encryption API. It's meant to be
> desktop neutral, and encryption system neutral (ie: OpenPGP vs. S/MIME).
>
> The Draft:
> http://freedesktop.org/wiki/Crypto
Apart from the "remember what we did last time", I'm not sure what this is 
meant to provide in terms of additional functionality over what could be done 
with a shared library. Can you explain what you are trying to achieve by a 
crypto API? If I understood that, I might be able to make a more informed 
comment.

First look over:
* why the choice of key types (openpgp and smime)?
* are you trying to replace existing key agenst (eg for ssh or GPG)?
* what is the format for org.freedesktop.Crypto.Keys.ImportKeys and 
ExportKeys?
* how do you handle usage specific trust (eg I trust a certificate or key for 
a game server, but I wouldn't trust that certificate for my online banking)?
* org.freedesktop.Crypto.TextOperations.EncryptText() and .DecryptText() 
appear to be pretty GPG centric. What if I want to encrypt with Blowfish, CBC 
mode, with a specific IV, PKCS7 padding?
* same for TextOperations.signText and VerifyText. What if I just want to do 
HMAC using SHA256?
*same for URIOperations.
* are you confident that DBUS is secure enough for this?

Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050402/71ef4c81/attachment.pgp 


More information about the xdg mailing list