On 6/12/08, Pádraic Brady <[EMAIL PROTECTED]> wrote:
>
> Hi Michael,
>
> >The naming of this component is wrong. It should be
> >Zend_Pki_Certificate or Zend_Pki_Key or some such. The word "Crypt"
> >should be reserved for a generic crypto class and "Rsa" is just one
> >implementation of a symmetric algorithm.
>
> The naming is more categorical than specific - crypt/cryptography. Sorry if
> that's unclear - I go with short/existing namespaces where possible. One
> could argue against PKI as a namespace even, since the issue of trust is
> optional - there's no absolute requirement for a certification authority
> since you can issue your own uncertified keys in RSA.

Zend_Crypt_Rsa makes sense if it just deals with the numeric details
of the algorithm but when you start reading PEM files or just juggling
public / private key pairs I think that should probably be part of
some "Pki" classes.

> I know what your point is, but my point is largely that OO does add concrete
> benefits.

By itself I don't think it really does ultimately. I think that the
real benefits of OOP only kick in when you actually use polymorphism.
And I've been a little concerned that some of the components in ZF
aren't reaping those benefits as well as they could.

If you created interfaces for block ciphers vs. hashing algorithms vs.
certificate stuff ... etc then you might be able to really put OOP to
work. You could change one line of code and get to use a completely
different crypto system. But I don't really get the feeling from your
API that you're thinking about such things. By doing
$rsa->encrypt($data, $rsa->getPublicKey()) you've committed yourself
to making Zend_Crypt_Rsa implement a key pair generating interface.

Unless you're putting OOP to work by getting polymorphic behavior from
it, I don't think an OO wrapper by itself is much better than using
the openssl and mcrypt functions directly. The wrapper just adds
another layer that has different semantics which makes it harder to
get started, to find answers, to do advanced things, to debug, ...
etc.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
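
The interface-based design argued for in the message above, sketched as an added example; it is not code from the thread or from Zend Framework. The names Cipher, RsaOaepCipher, AesGcmCipher and roundTrip are hypothetical, and PHP 8 with the openssl extension is assumed.

```php
<?php
// Added illustration for PHP 8+; Cipher, RsaOaepCipher, AesGcmCipher are hypothetical names.
interface Cipher {
    public function encrypt(string $plaintext): string;
    public function decrypt(string $ciphertext): string;
}

// Only the algorithm lives here; key generation and PEM parsing stay outside.
final class RsaOaepCipher implements Cipher {
    public function __construct(private $publicKey, private $privateKey) {}
    public function encrypt(string $plaintext): string {
        // OAEP on a 2048-bit key takes at most 214 bytes of input.
        if (!openssl_public_encrypt($plaintext, $out, $this->publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException('RSA encrypt failed');
        }
        return $out;
    }
    public function decrypt(string $ciphertext): string {
        if (!openssl_private_decrypt($ciphertext, $out, $this->privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException('RSA decrypt failed');
        }
        return $out;
    }
}

final class AesGcmCipher implements Cipher {
    public function __construct(private string $key) {} // 32 random bytes
    public function encrypt(string $plaintext): string {
        $iv = random_bytes(12); // fresh nonce per message
        $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($ct === false) { throw new RuntimeException('AES encrypt failed'); }
        return $iv . $tag . $ct; // nonce(12) | tag(16) | ciphertext
    }
    public function decrypt(string $ciphertext): string {
        [$iv, $tag, $ct] = [substr($ciphertext, 0, 12), substr($ciphertext, 12, 16), substr($ciphertext, 28)];
        $pt = openssl_decrypt($ct, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($pt === false) { throw new RuntimeException('AES authentication failed'); }
        return $pt;
    }
}

// Caller depends only on the interface.
function roundTrip(Cipher $c, string $msg): bool {
    return hash_equals($msg, $c->decrypt($c->encrypt($msg)));
}

$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$cipher = new RsaOaepCipher(openssl_pkey_get_details($pair)['key'], $pair);
// $cipher = new AesGcmCipher(random_bytes(32)); // the one-line swap
var_dump(roundTrip($cipher, 'constructed sample message'));
```

The RSA size limit noted in the comment is where the shared interface leaks: messages longer than one RSA block need a hybrid scheme, which the caller cannot see from the Cipher type alone.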
