An initial suggestion (currently in the Release 1.0.1 candidate drafts)
is that openPGP should be used in openEHR for generating digests and
signatures. openPGP is defined at http://www.ietf.org/rfc/rfc2440.txt
and a lot of other information can be found at http://www.pgpi.org/ ,
http://www.gnupg.org/ .
My proposal is that the openPGP message specification makes sense for
defining signature and hash values in openEHR because openPGP fully
defines the result string ("message"), and allows for a wide choice of
algorithms. It is also nice in that the result can be a single string,
and is self-describing - i.e. decoding software can just read the string
to find out what algorithms were used, and apply them. ASCII armoring
and radix-64 encoding mean that "safe" strings can be generated.
However, we also have to be mindful of how it can be implemented in all
major OSs and languages. Gnu GPG is one approach, but I don't have any
direct experience of it.
Currently, hashing and signing are completely optional in openEHR
(probably they will always be). But I believe we need to support them
clearly in the openEHR architecture for those users that do want them. I
also believe that we need to specify an open standard for hashing and
signing and related security things.
Lastly, the use of such security algorithms interacts with the notion of
key certication and a PKI. My understanding is that openPGP does not
force users into any particular model of key management (even if the PGP
distributed model might be easiest to itegrate). Do others have
experience with openPGP within a PKI?
- thomas beale
--
___________________________________________________________________________________
CTO Ocean Informatics (http://www.OceanInformatics.biz)
Research Fellow, University College London (http://www.chime.ucl.ac.uk)
Chair Architectural Review Board, openEHR (http://www.openEHR.org)
