Feature #2871
closed
KeyChain: general signing API
Description
In the current implementation, when signing a packet, KeyChain prepares the SignatureInfo for the packet, because the current SignatureInfo only contains KeyLocator and SignatureType, which may only be determined by KeyChain.
Now that the extension to SignatureInfo introduces new fields which cannot be determined by KeyChain (such as validity period, additional description, etc.), it would be desirable to define a general interface of KeyChain to pass that information.
A solution is to pass an incomplete SignatureInfo (with KeyLocator and SignatureType missing) as an argument of the sign method. The caller of the sign method should prepare all the other fields if necessary, and KeyChain will fill in the missing SignatureType and KeyLocator.
A more general signing interface is to define a SigningInfo class which may contain the signer information (such as signing identity name, or signing key name, or signing certificate name, or nothing) and the incomplete SignatureInfo, so all the signing methods can be unified as:
void
sign(Data&, const SigningInfo&);
void
sign(Interest&, const SigningInfo&);
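A sketch of the interface proposed above, added here as an illustration and not taken from ndn-cxx: the caller supplies signer selection plus an incomplete SignatureInfo, and KeyChain fills SignatureType and KeyLocator from the resolved certificate. The stand-in types, the `Signer` enum, the field names, the sample certificate names and the choice to overwrite caller-set values are all assumptions; only the Data overload is modelled.

```cpp
// Added illustration: simplified stand-in types, not the ndn-cxx classes.
#include <map>
#include <stdexcept>
#include <string>

struct SignatureInfo {
  std::string signatureType;   // determined by KeyChain (empty = not set)
  std::string keyLocator;      // determined by KeyChain (empty = not set)
  std::string validityPeriod;  // extension field only the caller knows
};

struct SigningInfo {
  enum class Signer { Default, Identity, Key, Certificate };  // hypothetical names
  Signer signerType = Signer::Default;  // "nothing" given: use the default signer
  std::string signerName;               // identity, key or certificate name
  SignatureInfo info;                   // incomplete SignatureInfo from the caller
};

struct Data {
  std::string name;
  SignatureInfo signatureInfo;
};

class KeyChain {
public:
  // Constructed sample store: certificate name -> signature type of its key.
  std::map<std::string, std::string> certs{
    {"/alice/KEY/1/ID-CERT", "SignatureSha256WithRsa"},
    {"/bob/KEY/7/ID-CERT", "SignatureSha256WithEcdsa"}};
  std::string defaultCert = "/alice/KEY/1/ID-CERT";

  void sign(Data& data, const SigningInfo& params = SigningInfo()) const {
    const std::string cert = resolve(params);
    data.signatureInfo = params.info;                   // keep caller-supplied fields
    data.signatureInfo.signatureType = certs.at(cert);  // overwrite: follows the key
    data.signatureInfo.keyLocator = cert;               // overwrite: follows the key
    // Computing the signature value is outside what this sketch models.
  }

private:
  std::string resolve(const SigningInfo& p) const {
    if (p.signerType == SigningInfo::Signer::Default) return defaultCert;
    for (const auto& c : certs) {
      bool exact = c.first == p.signerName;  // certificate: full name must match
      bool under = c.first.compare(0, p.signerName.size() + 1, p.signerName + "/") == 0;
      if (p.signerType == SigningInfo::Signer::Certificate ? exact : under) return c.first;
    }
    throw std::invalid_argument("no certificate for signer " + p.signerName);
  }
};
```

Because the two key-bound fields are always written after the caller's SignatureInfo is copied in, a KeyLocator set by the caller cannot end up naming a key other than the one KeyChain selected.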
Updated by Junxiao Shi over 9 years ago
- Tracker changed from Task to Feature
- Subject changed from Add general signing interface for KeyChain. to KeyChain: general signing API
- Start date deleted (06/10/2015)
I agree with the basic idea of this feature.
The design of SigningInfo can copy from similar functionality in ndn::nfd::CommandOptions.
Also, as I remember, the Interest/Data being signed must be created by make_shared.
If this is the case, the API should take shared_ptr<Data> in order to enforce this requirement and prevent mistakes.
Updated by Junxiao Shi over 9 years ago
Is this intended to be a backwards-compatible change, or a backwards-incompatible change?
Updated by Yingdi Yu over 9 years ago
- Assignee set to Yingdi Yu
- % Done changed from 0 to 100
Updated by Yingdi Yu over 9 years ago
- Status changed from New to In Progress
- % Done changed from 100 to 50
The first change for this feature is to put doxygen.
The second change for this feature is to add DEPRECATED macro.
The third change for this feature is to delete the deprecated methods.
Updated by Alex Afanasyev over 9 years ago
- Blocks Task #2890: Delete deprecated KeyChain methods added
Updated by Alex Afanasyev over 9 years ago
- Blocks Task #2891: Deprecate KeyChain::sign* methods in favor of KeyChain::sign(Packet&, const SigningInfo&); added
Updated by Alex Afanasyev over 9 years ago
- Blocks deleted (Task #2890: Delete deprecated KeyChain methods)
Updated by Junxiao Shi over 9 years ago
- Blocks Task #2893: Simplify CommandOptions with SigningInfo added
Updated by Junxiao Shi over 9 years ago
Why do we require SigningInfo?
What about:
void
sign(Data& data, const SigningInfo& = /* a default SigningInfo that selects the default identity */);
// same for Interest& variant
so that a caller can omit SigningInfo to pick the default.
Updated by Yingdi Yu over 9 years ago
- Status changed from In Progress to Code review
- % Done changed from 50 to 80
Updated by Junxiao Shi over 9 years ago
- Blocks Bug #2919: poke and pingserver use deprecated signing API added
Updated by Yingdi Yu over 9 years ago
- Blocks Task #2926: Refactor KeyChain added
Updated by Junxiao Shi over 9 years ago
- Status changed from Code review to Closed
- % Done changed from 80 to 100
Updated by Junxiao Shi over 9 years ago
- Blocks Feature #2922: Helpers to create SigningInfo added