Greetings all,
I've only begun using the CryptoPP lib (v 5.1 3/20/2003, under Linux) -
wow, this is great stuff! - and I have a couple of questions.
I'm currently interested in using (PK) signatures to authenticate the
origin (and validate the integrity of) data.
I've been going over the source, particularly the test.cpp code, to give
me an idea where to begin. As in the test code, I have been using the
RSASS<PKCS1v15, SHA>::Signer and RSASS<PKCS1v15, SHA>::Verifier to
perform the work, using RSA keypairs generated with the method show in
the GenerateRSAKey() function (also in test.cpp).
My questions are:
1) Should I really be using RSASS<PKCS1v15, SHA>? What other options do
I have and where can I go to compare them?
2) I've been using the CryptoPP::BlockingRng and it has been, well,
blocking. This happens when I attempt to make multiple consecutive
signatures. I assume it is waiting on more entropy - is this correct?
Can I just use the non blocking version, if so then what is it "costing"
me?
3) Who owns the pointers? There's a *lot* of code like:
FileSource signatureFile(signatureFilename, true,
new HexDecoder);
where we're simply creating new objects and forgetting about the newly
allocated memory. I'd started "cleaning up" the code, by wrapping all
the new calls in smart pointers (actually, the boost.org scoped_ptr),
when I came upon this snippet:
auto_ptr<ChannelSwitch> channelSwitch(new ChannelSwitch);
// ...
FileSource(filename, true, channelSwitch.release());
Blast! The release() says that it isn't just sloppy code - the
FileSource is actually supposed to take ownership of the pointers. So
my question is, what is the "system", where is pointer ownership
documented?
Is it the case that everytime a non-NULL pointer is used in a method
call it is assumed the callee will take ownership?
Thanks in advance for your help.
Regards,
--
Pat Deegan,
http://www.psychogenic.com/
PGP: http://www.keyserver.net 0x03F86A50
