Diffstat (limited to 'docs/signing-engine-protocol')
-rw-r--r--docs/signing-engine-protocol49
1 files changed, 49 insertions, 0 deletions
diff --git a/docs/signing-engine-protocol b/docs/signing-engine-protocol
new file mode 100644
index 00000000..ab82367a
--- /dev/null
+++ b/docs/signing-engine-protocol
@@ -0,0 +1,49 @@
+;;; -*- Lisp -*-
+;;; $Id$
+;;;
+;;; Scratch pad for working out API design for RPKI engine.
+;;;
+;;; This file is psuedocode, I just wanted to take advantage of
+;;; emacs's built-in support for languages with reasonable syntax.
+;;;
+;;; Terminology:
+;;;
+;;; - IRBE: Internet Registry Back End
+;;;
+;;; - RE: RPKI Engine
+
+;;; Protocol operations between RE and signing engine. This assumes
+;;; the model in which the signing engine stores nothing but keypairs
+;;; and takes orders from the RE on what to sign; this still needs to
+;;; be checked by competent paranoids.
+
+;; Create a keypair. :length is the number of bits for the key
+;; (default 2048?).
+
+(create-keypair :cust-id 42
+ :length 2048)
+=> (public-key key-id)
+
+;; Destroy a keypair.
+
+(destroy-keypair :cust-id 42
+ :key-id key-id)
+=> ()
+
+;; List existing keypairs
+
+(list-keypairs :cust-id 42)
+=> ((key-id public-key)
+ (key-id public-key)
+ ...)
+
+;; Sign something. how-to-sign tells us both what signature method to
+;; use (ie, what kind of object we're signing) and also the signature
+;; algorithm to use (where there are multiple choices, which perhaps
+;; there should not be?).
+
+(sign-thing :cust-id 42
+ :what-to-sign cert-without-signature
+ :how-to-sign :cert-rsa/sha256
+ :key-id key-id)
+=> (signed-thing)
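Review bot: The `destroy-keypair` and `sign-thing` operations take both `:cust-id` and `:key-id`, but nothing in the file says the signing engine must check that the key belongs to that customer, and no operation defines an error result. Since the stated model has the engine take orders from the RE on what to sign, I would spell the check out above `sign-thing`, for example `;; The engine MUST refuse unless key-id was created under this cust-id; the result is then (error reason).` The `(error reason)` shape is only a suggestion. Separately, `create-keypair` returns `(public-key key-id)` while `list-keypairs` returns `(key-id public-key)`; settling on one order would keep callers from swapping the two fields.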