Project

General

Profile

Actions

Feature #2871

closed

KeyChain: general signing API

Added by Yingdi Yu almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:

Description

In the current implementation, when signing a packet, KeyChain prepares the SignatureInfo for the packet, because current SignatureInfo only contains KeyLocator and SignatureType which may only be determined by KeyChain.

Now the extension to SignatureInfo introduces new fields which cannot be determined by KeyChain (such as validity period, additional description, etc.), it would be desired to define a general interface of KeyChain to pass those information.

A solution is to pass an incomplete SignatureInfo (with KeyLocator and SignatureType missing) as an argument of the sign method. Caller of the sign method should prepare all the other field if necessary, and KeyChain will fill the missing SignatureType and KeyLocator.

A more general signing interface is to define a SigningInfo class which may contain the signer information (such as signing identity name, or signing key name, or signing certificate name, or nothing) and the incomplete SignatureInfo, so all the signing methods can be unified as:

void
sign(Data&, const SigningInfo&);

void
sign(Interest&, const SigningInfo&);

Related issues 5 (0 open5 closed)

Blocks ndn-cxx - Task #2891: Deprecate KeyChain::sign* methods in favor of KeyChain::sign(Packet&, const SigningInfo&);ClosedYingdi Yu06/12/2015

Actions
Blocks ndn-cxx - Task #2893: Simplify CommandOptions with SigningInfoClosedJunxiao Shi

Actions
Blocks ndn-tools - Bug #2919: poke and pingserver use deprecated signing APIClosedEric Newberry06/18/2015

Actions
Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Blocks ndn-cxx - Feature #2922: Helpers to create SigningInfoClosedEric Newberry

Actions
Actions #1

Updated by Junxiao Shi almost 9 years ago

  • Tracker changed from Task to Feature
  • Subject changed from Add general signing interface for KeyChain. to KeyChain: general signing API
  • Start date deleted (06/10/2015)

I agree with the basic idea of this feature.

The design of SigningInfo can copy from similar functionality in ndn::nfd::CommandOptions.

Also, as I remember, the Interest/Data being signed must be created by make_shared.

If this is the case, the API should take shared_ptr<Data> in order to enforce this requirement and prevent mistakes.

Actions #2

Updated by Junxiao Shi almost 9 years ago

Is this intended to be a backwards-compatible change, or a backwards-incompatible change?

Actions #3

Updated by Yingdi Yu almost 9 years ago

It should be backward compatible.

Actions #4

Updated by Yingdi Yu almost 9 years ago

  • Assignee set to Yingdi Yu
  • % Done changed from 0 to 100
Actions #5

Updated by Yingdi Yu almost 9 years ago

  • Status changed from New to In Progress
  • % Done changed from 100 to 50

The first change for this feature is to put doxygen.

The second change for this feature is to add DEPRECATED macro.

The third change for this feature is to delete the deprecated methods.

Actions #6

Updated by Alex Afanasyev almost 9 years ago

  • Blocks Task #2890: Delete deprecated KeyChain methods added
Actions #7

Updated by Alex Afanasyev almost 9 years ago

  • Target version set to v0.4
Actions #8

Updated by Alex Afanasyev almost 9 years ago

  • Blocks Task #2891: Deprecate KeyChain::sign* methods in favor of KeyChain::sign(Packet&, const SigningInfo&); added
Actions #9

Updated by Alex Afanasyev almost 9 years ago

  • Blocks deleted (Task #2890: Delete deprecated KeyChain methods)
Actions #10

Updated by Junxiao Shi almost 9 years ago

  • Blocks Task #2893: Simplify CommandOptions with SigningInfo added
Actions #11

Updated by Junxiao Shi almost 9 years ago

Why do we require SigningInfo?

What about:

void
sign(Data& data, const SigningInfo& = /* a default SigningInfo that selects the default identity */);

// same for Interest& variant

so that a caller can omit SigningInfo to pick the default.

Actions #12

Updated by Yingdi Yu almost 9 years ago

I think we can do that.

Actions #13

Updated by Yingdi Yu almost 9 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 50 to 80
Actions #14

Updated by Junxiao Shi almost 9 years ago

  • Blocks Bug #2919: poke and pingserver use deprecated signing API added
Actions #15

Updated by Yingdi Yu almost 9 years ago

Actions #16

Updated by Junxiao Shi almost 9 years ago

  • Status changed from Code review to Closed
  • % Done changed from 80 to 100
Actions #17

Updated by Junxiao Shi almost 9 years ago

Actions

Also available in: Atom PDF