[bind10-dev] cryptolink design
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Thu Jul 12 19:07:18 UTC 2012
At Mon, 02 Jul 2012 15:24:09 +0000,
Francis Dupont <fdupont at isc.org> wrote:
> I was looking at the cryptolink design: IMHO it falled into a common
> error by providing only one update function: in PKCS#11 you have:
> - SignInit() (which takes the key)
> - SignUpdate() and SignFinal()
> - or Sign() which does the same than update*+final in one shot,
> and the same for Verify. So there is not one update() but two update()
> functions, one in each "direction". Of course you can go from 2 updates
> to 1, but not the opposite.
You mean we need different update functions for sign and verify? I
don't have technical background for it, but the underlying Botan
library doesn't seem to differentiate these:
http://botan.randombit.net/doxygen/classBotan_1_1HMAC.html
so, as long as our intended usage of this wrapper library is for Botan
there may not be a reasonable way to support it.
---
JINMEI, Tatuya
More information about the bind10-dev
mailing list