[Evolution-hackers] Re: Proposal for a Desktop Neutral Crypto API



On Sat, 2 Apr 2005 06:30 am, Nielsen wrote:
> I've drafted a proposal for a DBUS encryption API. It's meant to be
> desktop neutral, and encryption system neutral (ie: OpenPGP vs. S/MIME).
>
> The Draft:
> http://freedesktop.org/wiki/Crypto
Apart from the "remember what we did last time", I'm not sure what this is 
meant to provide in terms of additional functionality over what could be done 
with a shared library. Can you explain what you are trying to achieve by a 
crypto API? If I understood that, I might be able to make a more informed 
comment.

First look over:
* why the choice of key types (openpgp and smime)?
* are you trying to replace existing key agenst (eg for ssh or GPG)?
* what is the format for org.freedesktop.Crypto.Keys.ImportKeys and 
ExportKeys?
* how do you handle usage specific trust (eg I trust a certificate or key for 
a game server, but I wouldn't trust that certificate for my online banking)?
* org.freedesktop.Crypto.TextOperations.EncryptText() and .DecryptText() 
appear to be pretty GPG centric. What if I want to encrypt with Blowfish, CBC 
mode, with a specific IV, PKCS7 padding?
* same for TextOperations.signText and VerifyText. What if I just want to do 
HMAC using SHA256?
*same for URIOperations.
* are you confident that DBUS is secure enough for this?

Brad

Attachment: pgpPjlwjV8T6h.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]