Simon Josefsson <[email protected]> writes:

> My priority is to work on functions to set PSKC fields, to enable
> building an interface in pskctool to generate PSKC data, and then look
> at the encryption part of PSKC.

The design of the library API is pretty straightforward. However, how
should the command line tool work? Does providing values on the command
line like this make sense?

    pskctool --build --container "version=1.0,id=FOOBAR" \
      --keypackage "key-id=1234,key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp,device-manufacturer=SomeManufacturer,key-b64secret=MTIzNA=="

You could have one --keypackage parameter per keypackage structure.

Or should it read from standard input some format? For example:

    pskctool --build --container-version 1.0 --container-id FOOBAR \
      --keypackage-format "key-id,key-algorithm,device-manufacturer,key-b64secret"

which would then read line-based data like this:

    1234,urn:ietf:params:xml:ns:keyprov:pskc:hotp,SomeManufacturer,MTIzNA==

That is better since secret keys are not provided on the command line.

It could support a "default" simple input format so one could do:

    pskctool --build <<EOF
    container-version=1.0
    container-id=FOOBAR
    key-id=1234
    key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
    device-manufacturer=SomeManufacturer
    key-b64secret=MTIzNA==
    EOF

However, some mechanism is needed to separate different keypackages.
Maybe like this:

    [container]
    version=1.0
    id=FOOBAR

    [keypackage]
    key-id=1234
    key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
    device-manufacturer=SomeManufacturer
    key-b64secret=MTIzNA==

    [keypackage]
    key-id=5678
    key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
    device-manufacturer=SomeOtherManufacturer
    key-b64secret=AMAMAA==

Any other ideas?

/Simon
