[
https://issues.apache.org/jira/browse/SHIRO-304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13049151#comment-13049151
]
Razvan Dragut commented on SHIRO-304:
-------------------------------------
Another idea would be to have another service called SecurityService ( didn't
see any class/interface named like that in Shiro so I thought I'd recommend ).
This service would "wrap" (composition, aggregation, delegate) a CipherService.
SecurityService would deal with object signing and will delegate sealing to the
CipherService. If composition/aggregation is used, the SecurityService could
expose the CipherService methods and make SecurityService the general entry
point in using cryptography and other related security features in Shiro.
// CipherService
SealedObject CipherService.seal(Object o);
Object CipherService.unseal(SealedObject so);
// SecurityService
SignedObject SecurityService.sign(Object o);
boolean SecurityService.verify(SignedObject so);
SealedObject SecurityService.signAndSeal(Object o);
// SecurityService exposes CipherService via one of the suitable patterns
Composition/Aggregation.
SealedObject SecurityService.seal(Object o);
Object SecurityService.unseal(SealedObject so);
SecurityService can also assist with Message Authentication Code generation
(MAC, HMAC), using a "HashService" in the same way as it would use
CipherService.
How commited is Shiro in using the "services" API design ?
> Add support for object signing and sealing
> ------------------------------------------
>
> Key: SHIRO-304
> URL: https://issues.apache.org/jira/browse/SHIRO-304
> Project: Shiro
> Issue Type: Wish
> Components: Specification API
> Reporter: Razvan Dragut
> Priority: Minor
> Labels: security
>
> Request :
> Add API to allow signing and sealing an object. This can be supported by the
> existing Java API ( javax.crypto.SealedObject and java.security.SignedObject
> ).
> Reasoning :
> 1. Shiro users will be able to use encryption and signing of objects using
> uniform API with Shiro framework
> 2. Enforce/Suggest the correct way to sign and seal an object : Sign, then
> seal rather than allow unnecessary bad practice of sealing first, then
> signing to happen.
> Real world scenario :
> Sensitive information (E.g Credit Card details) being sent over the wire or
> being stored in a database as a serialised object.
> In order to store the object in a DB or send it outside a secure environment,
> the object should be signed, encrypted, serialised, sent/stored . Then,
> read/receive, deserialize, decrypt, checked signature.
> Initial ideas :
> The class CipherService could provide methods for signing, checking
> signature, sealing and unsealing. The CipherService class is stateless and I
> will omit the encryption keys parameters at the moment as this require some
> careful thinking on what kind of keys one can use, keep the verbosity at
> minimum and uniform API.
> SignedObject CipherService.sign(Object o);
> SealedObject CipherService.seal(Object o);
> SealedObject CipherService.signAndSeal(Object o);
> Object CipherService.unseal(SealedObject so); <-- this could automatically
> check for signature if the unsealed object is of type SignedObject
> boolean CipherService.checkSignature(SignedObject so);
> Something to consider is whether signing and sealing should be part of the
> same class/service. They are different actions with different semantics and
> the action/semantic of signing something doesn't really make sense to sit in
> a class/service that encrypts/decrypts.
> Any thoughts ?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
