You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Berin Lautenbach <be...@ozemail.com.au> on 2003/07/17 09:36:54 UTC
Encryption design - I need some input
Peoples,
Am having some fun with integrating encryption into the library, and
need some thoughts.
As I understand the main signature library, it builds the DOM tree at
the same time as the various objects are created. I.e. if I do a "new
KeyInfo()", then I get back something with a tree already created. If I
then add a KeyName() object, a new <KeyName/> element gets immediately
added as a child to the KeyInfo DOM Node.
XMLCipher, however, uses the marshaller approach. I build everything up
and then call "toElement()" which turns everything to a DOM tree at that
point. Any subsequent changes are not immediately reflected in the
associated DOM tree.
Now I'm adding KeyInfo support to XMLCipher. The easiest thing to do
(which I'm doing) is to add EncryptedKey to
org.apache.xml.security.keys.KeyInfo and then use this version of
KeyInfo inside XMLCipher.
Gets messy when you recreate DOM trees (marshall the XML) more than once
- the KeyInfo returns the same DOM Nodes as before, but everything else
is re-created.
What are peoples thoughts? Is it best to :
1. Leave my tactical solution in place and just accept that the two
will always work differently. I don't like this - I believe the library
should be consistent.
2. Move the Signature code to use a marshaller (_not_ trivial, and
significantly complicates actual signing. *But* it fits in more
naturally with the JSR105.)
3. Move the encryption code to a "build the DOM as I build the objects"
approach. I favour the latter, but then it's the way I've done the C
code, so I find it more natural.
Thoughts?
Cheers,
Berin
Re: Encryption design - I need some input
Posted by Axl Mattheus <ax...@sun.com>.
All,
I'm back from leave! Nice (NOT)!
OK. Here are my thoughts... When I designed the XML Enc code, I had
input from Sean Mullan and Erwin van der Koogh (who were/are active in
the JSR104/105/106 space). I also looked at various experimental and
comercial implementations of XML encryption libraries in C,C++, Ada and
Java. As a result of the input I got from Sean et al, I designed the XML
Enc API with three objectives in mind.
1. XML Enc API should fit in with the (upcoming) JSR106 (XML Enc)
straw man API.
2. XML Enc should resemble and be compatible with the JSR105 (XML
Sig) API.
3. The XML Enc implemenation should make life easy for the developers
who are familiar with the javax.crypto.Cipher class.
As a result I came up with a design that looks like javax.crypto.Cipher
that will (hopefully) also be the underlying implementation for the
JSR106 API when it comes along.
I understand and appreciate your concerns about the "compatibility" and
"consistency" of the Sig and Enc code. I planned to expose
XMLCipher.Serializer and XMLCipher.Factory to make it easier to build
the appropriate XML (DOM) for the XML Enc implementation. If we do that,
AND we do the same for the Sig implementation, we will have the best of
both worlds - consistent APIs that will fit in kind of "naturally"
underneath the JSR105/106 implementations.
Fire away with your thoughts...
Ax/
Berin Lautenbach wrote:
> Peoples,
>
> Am having some fun with integrating encryption into the library, and
> need some thoughts.
>
> As I understand the main signature library, it builds the DOM tree at
> the same time as the various objects are created. I.e. if I do a "new
> KeyInfo()", then I get back something with a tree already created. If
> I then add a KeyName() object, a new <KeyName/> element gets
> immediately added as a child to the KeyInfo DOM Node.
>
> XMLCipher, however, uses the marshaller approach. I build everything
> up and then call "toElement()" which turns everything to a DOM tree at
> that point. Any subsequent changes are not immediately reflected in
> the associated DOM tree.
>
> Now I'm adding KeyInfo support to XMLCipher. The easiest thing to do
> (which I'm doing) is to add EncryptedKey to
> org.apache.xml.security.keys.KeyInfo and then use this version of
> KeyInfo inside XMLCipher.
>
> Gets messy when you recreate DOM trees (marshall the XML) more than
> once - the KeyInfo returns the same DOM Nodes as before, but
> everything else is re-created.
>
> What are peoples thoughts? Is it best to :
>
> 1. Leave my tactical solution in place and just accept that the two
> will always work differently. I don't like this - I believe the
> library should be consistent.
> 2. Move the Signature code to use a marshaller (_not_ trivial, and
> significantly complicates actual signing. *But* it fits in more
> naturally with the JSR105.)
> 3. Move the encryption code to a "build the DOM as I build the
> objects" approach. I favour the latter, but then it's the way I've
> done the C code, so I find it more natural.
>
> Thoughts?
>
> Cheers,
> Berin
>
>