Tom Proett <[EMAIL PROTECTED]> writes:

> I don't see the value in lsh_writekey.  Why not have lsh_keygen
> do the writing?

Well, that is a good question. I'll try to explain how I'm thinking...

I like the approach to have each program do one thing, and do it well.
And I'm a little tired of programs like ssh and pgp which include a
good key generator, but only generate keys in some specialized,
internal format, which are difficult to extract for other uses.

My intention is that lsh_keygen should be a general program for
generating key pairs for public key cryptography. It outputs keys as
"s-expressions", and should use the formats defined by SPKI. It
supports all of canonical, transport and advanced flavors of
s-expressions. 

On the other hand, lsh_writekey is responsible for two things: to
split out the public part of the key, and for storing the private part
securely. lsh_writekey need not support the advanced s-expression
syntax. (When I think of it, perhaps it would be better to have
lsh_writekey send the public key to stdout...).

Furthermore, if you ever want to import a dss key from some other
program (say, pgp-5), I suspect that it will be easier to find or
write up a converter that outputs an unencrypted SPKI style key, than a
program that can create the files under ~/.lsh directly. Then, the
separate lsh_writekey program may come in handy.

This said, I understand that we also need a more user friendly
interface that does all the work with a single command. But I'd rather
write that as a simple shell script that pipes the primitives
together.

For more information about SPKI and s-expressions, see

   http://www.clark.net/pub/cme/html/spki.html
   http://theory.lcs.mit.edu/~rivest/sexp.html

Regards,
/Niels

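An added example, not part of the original message and not lsh's own code: a minimal Python reader for the canonical and transport s-expression encodings mentioned above, with a helper that splits the public part out of a private key, the first of the two jobs the message assigns to lsh_writekey. The `private-key`/`dsa`/`p q g y x` layout and the sample values are constructed assumptions; the advanced syntax and secure storage of the private part are not covered.

```python
import base64

def parse(data, pos=0):
    """Parse one canonical s-expression; return (tree, next_offset)."""
    if data[pos:pos + 1] == b"(":
        pos, items = pos + 1, []
        while data[pos:pos + 1] != b")":
            if pos >= len(data):
                raise ValueError("unterminated list")
            item, pos = parse(data, pos)
            items.append(item)
        return items, pos + 1
    # An atom is "<decimal length>:<raw bytes>", so no quoting is ever needed.
    colon = data.find(b":", pos)
    if colon < 0 or not data[pos:colon].isdigit():
        raise ValueError("expected <length>:<bytes> at offset %d" % pos)
    end = colon + 1 + int(data[pos:colon])
    if end > len(data):
        raise ValueError("atom runs past end of input")
    return data[colon + 1:end], end

def encode(tree):
    """Serialize a tree of lists and bytes back to canonical form."""
    if isinstance(tree, bytes):
        return str(len(tree)).encode() + b":" + tree
    return b"(" + b"".join(encode(t) for t in tree) + b")"

def load(blob):
    """Accept canonical input, or transport input: {base64 of canonical}."""
    blob = blob.strip()
    if blob.startswith(b"{") and blob.endswith(b"}"):
        blob = base64.b64decode(blob[1:-1])
    tree, end = parse(blob)
    if end != len(blob):
        raise ValueError("trailing data after expression")
    return tree

def split_public(private_tree, secret=(b"x",)):
    """Build the public-key tree by dropping the secret parameters."""
    tag, (algo, *params) = private_tree
    if tag != b"private-key":
        raise ValueError("not a private key")
    return [b"public-key", [algo] + [p for p in params if p[0] not in secret]]

# Constructed sample with toy numbers; field names are assumed, not from lsh.
SAMPLE = encode([b"private-key", [b"dsa", [b"p", b"\x0b"], [b"q", b"\x05"],
                 [b"g", b"\x03"], [b"y", b"\x09"], [b"x", b"\x02"]]])

if __name__ == "__main__":
    print(encode(split_public(load(SAMPLE))))
```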