On 09/07/2010 09:43, Simone Tripodi wrote: > Hi Pid, > in that way you're able to verify an HMAC signed signature with an RSA > verifying key, that's wrong by nature.
I understand that problem, I'm trying to find a way to avoid generics for this package. Otherwise we'll have to hard code each sig method in the implementation. >> + >> + /** >> + * @param value >> + * @return key >> + */ >> + SigningKey createSigningKey(String... value); >> + >> + /** >> + * @param value >> + * @return key >> + */ >> + VerifyingKey createVerifyingKey(String... value); >> > > uhm I really don't think keys have to be generated by an algorithm > that the task to sign/verify a signature, Keys can be defined > independently by the algorithm implementation. Please see my previous email thread on this topic. Currently it will not be possible to look up a SignatureMethod instance using a String identifier as a key. We need a solution to the problem, either by working around it or by coming up with an alternative. The current interface design simply will not work, as far as I can tell - please advise if you believe otherwise. > BTW I was integrating the Signature api to the implementation to the > already existing codebase and that modification broke my work, can you > please advice me before you want to modify it, to avoid we both have > problems? Can you please rollback that class? Thanks in advance, very > appreciated :) Apologies, done. p > Simo > > http://people.apache.org/~simonetripodi/ > http://www.99soft.org/
signature.asc
Description: OpenPGP digital signature
