Project

General

Profile

Actions
Copy link

Feature #2871

closed

KeyChain: general signing API

Added by Yingdi Yu over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Yingdi Yu
Category:
Security
Target version:
v0.4
Start date:
Due date:
% Done:

100%

Estimated time:

Description

In the current implementation, when signing a packet, KeyChain prepares the SignatureInfo for the packet, because current SignatureInfo only contains KeyLocator and SignatureType which may only be determined by KeyChain.

Now the extension to SignatureInfo introduces new fields which cannot be determined by KeyChain (such as validity period, additional description, etc.), it would be desired to define a general interface of KeyChain to pass those information.

A solution is to pass an incomplete SignatureInfo (with KeyLocator and SignatureType missing) as an argument of the sign method. Caller of the sign method should prepare all the other field if necessary, and KeyChain will fill the missing SignatureType and KeyLocator.

A more general signing interface is to define a SigningInfo class which may contain the signer information (such as signing identity name, or signing key name, or signing certificate name, or nothing) and the incomplete SignatureInfo, so all the signing methods can be unified as:

void
sign(Data&, const SigningInfo&);

void
sign(Interest&, const SigningInfo&);

Related issues 5 (0 open5 closed)

Blocks ndn-cxx - Task #2891: Deprecate KeyChain::sign* methods in favor of KeyChain::sign(Packet&, const SigningInfo&);ClosedYingdi Yu06/12/2015

Actions
Blocks ndn-cxx - Task #2893: Simplify CommandOptions with SigningInfoClosedJunxiao Shi

Actions
Blocks ndn-tools - Bug #2919: poke and pingserver use deprecated signing APIClosedEric Newberry06/18/2015

Actions
Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Blocks ndn-cxx - Feature #2922: Helpers to create SigningInfoClosedEric Newberry

Actions
Actions
Copy link

Also available in: Atom PDF