[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Groups - Slides: PKCS #11 AEAD Functions at 2014-02-28 F2F uploaded
|
On 2/28/2014 12:52 PM, Wan-Teh Chang
wrote:
Submitter's message I did a review pass on the spec document for this proposal, not the slides (couldn't find the email announcing the upload so I could reply to it) and the annotated version is attached. It's getting closer to my proposal and I noted some areas where it still needs improvement. I wouldn't go forward with this without adding the message based calls for Sign and Verify for example. With respect to the API, I wouldn't attempt to reuse any current API calls to implement either AEAD or message based stuff. The hard decision is to open up the API to change - once you do that its simply a matter of crafting the set of calls that you need rather than trying to impedence match the new functions to the old API. With respect to the proposal, I think a single pair of C_NewAssociation and C_CloseAssociation API calls will work to cover all of encrypt, decrypt, sign and verify rather than C_NewEncryptAssociation, C_NewSignAssociation etc.... If you think of the C_EncryptMessage and C_SignMessage as macros for a C_EncryptInit/C_Encrypt which use data from the association, I can't see any reason why you need a new association function per message type. Mike |
Attachment:
PKCS11MessageBasedEncryption20140311-msj.pdf
Description: Adobe PDF document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]