On 09/07/2010 10:18, Simone Tripodi wrote: > Hi Pid, > thanks for understanding, in a while I'll be able to show you the > alternative we're looking for to sign/verify signatures simply with > String, I hope you'll enjoy the solution :P
I'd prefer to have a discussion about it, even if it's a short one, before code is committed, if possible. p > On Fri, Jul 9, 2010 at 11:08 AM, Pid <[email protected]> wrote: >> On 09/07/2010 09:43, Simone Tripodi wrote: >>> Hi Pid, >>> in that way you're able to verify an HMAC signed signature with an RSA >>> verifying key, that's wrong by nature. >> >> I understand that problem, I'm trying to find a way to avoid generics >> for this package. Otherwise we'll have to hard code each sig method in >> the implementation. >> >>>> + >>>> + /** >>>> + * @param value >>>> + * @return key >>>> + */ >>>> + SigningKey createSigningKey(String... value); >>>> + >>>> + /** >>>> + * @param value >>>> + * @return key >>>> + */ >>>> + VerifyingKey createVerifyingKey(String... value); >>>> >>> >>> uhm I really don't think keys have to be generated by an algorithm >>> that the task to sign/verify a signature, Keys can be defined >>> independently by the algorithm implementation. >> >> Please see my previous email thread on this topic. >> >> Currently it will not be possible to look up a SignatureMethod instance >> using a String identifier as a key. We need a solution to the problem, >> either by working around it or by coming up with an alternative. >> >> The current interface design simply will not work, as far as I can tell >> - please advise if you believe otherwise. >> >> >>> BTW I was integrating the Signature api to the implementation to the >>> already existing codebase and that modification broke my work, can you >>> please advice me before you want to modify it, to avoid we both have >>> problems? Can you please rollback that class? Thanks in advance, very >>> appreciated :) >> >> Apologies, done. >> >> >> p >> >>> Simo >>> >>> http://people.apache.org/~simonetripodi/ >>> http://www.99soft.org/ >> >> >>
signature.asc
Description: OpenPGP digital signature
