Hi Pid, thanks for understanding, in a while I'll be able to show you the alternative we're looking for to sign/verify signatures simply with String, I hope you'll enjoy the solution :P See you!!! Simo
http://people.apache.org/~simonetripodi/ http://www.99soft.org/ On Fri, Jul 9, 2010 at 11:08 AM, Pid <[email protected]> wrote: > On 09/07/2010 09:43, Simone Tripodi wrote: >> Hi Pid, >> in that way you're able to verify an HMAC signed signature with an RSA >> verifying key, that's wrong by nature. > > I understand that problem, I'm trying to find a way to avoid generics > for this package. Otherwise we'll have to hard code each sig method in > the implementation. > >>> + >>> + /** >>> + * @param value >>> + * @return key >>> + */ >>> + SigningKey createSigningKey(String... value); >>> + >>> + /** >>> + * @param value >>> + * @return key >>> + */ >>> + VerifyingKey createVerifyingKey(String... value); >>> >> >> uhm I really don't think keys have to be generated by an algorithm >> that the task to sign/verify a signature, Keys can be defined >> independently by the algorithm implementation. > > Please see my previous email thread on this topic. > > Currently it will not be possible to look up a SignatureMethod instance > using a String identifier as a key. We need a solution to the problem, > either by working around it or by coming up with an alternative. > > The current interface design simply will not work, as far as I can tell > - please advise if you believe otherwise. > > >> BTW I was integrating the Signature api to the implementation to the >> already existing codebase and that modification broke my work, can you >> please advice me before you want to modify it, to avoid we both have >> problems? Can you please rollback that class? Thanks in advance, very >> appreciated :) > > Apologies, done. > > > p > >> Simo >> >> http://people.apache.org/~simonetripodi/ >> http://www.99soft.org/ > > >
