Dear all, I have been really happy to see an effort for a crypto api in apache.org, so i decided to provide for comment a design of an high level. Many cryptosystem around the world are using hardware security modules so the idea to integrate the that in an opensource api is pretty cool. In the attached image you may see the first raw design. I will explain the rational: 1. CryptoOperation: this is the interface that you want to extend for your own operation. That they may be simple or composite. In the cryptoworld you may want to execute and AES and than from that cipherered you may want do something else, an xor with some padding for example. So it is nice to provide composite for this reason. Or another example Create a key pair with NIST 192 and than sign some data. 2. SimpleCryptoOperation: AESCiphering, ECPublicKeyCrreating. A single shot of execution. 3. CompoundCryptoOperation: a composite (a la compositte design pattern) of single operation. The executor of the operation will get the output of the first operation as input of the second operation. 4. CryptoProcessor: An executor of cryptographic operation (simple or composite) potentially may be local or remote. The CryptoProcessor is the interface. 5. OpenSSLCryptoProcessor: this the backend of the CryptoProcessor 6. PKCS11CryptoProcessor: this is the backend for any PCKS11 device for the processor. For example Luna SafeNet HSM, Thales HSM or SoftHSM.
Is this kind of effort needed or appreciated in the context of Common Crypto? Any comment? This is essentially a request for comment.
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
