;;; -*- Lisp -*-
;;; $URL$
;;; $Id$
;;;
;;; Scratch pad for working out API design for RPKI engine.
;;;
;;; This file is psuedocode, I just wanted to take advantage of
;;; emacs's built-in support for languages with reasonable syntax.
;;;
;;; Terminology:
;;;
;;; - IRBE: Internet Registry Back End
;;;
;;; - RE: RPKI Engine

;;; Protocol operations between RE and signing engine.  This assumes
;;; the model in which the signing engine stores nothing but keypairs
;;; and takes orders from the RE on what to sign; this still needs to
;;; be checked by competent paranoids.

;; Create a keypair.  :length is the number of bits for the key
;; (default 2048?).

(create-keypair :cust-id 42
		:type :rsa
		:length 2048)
=> (public-key keypair-id)

;; Destroy a keypair.

(destroy-keypair :cust-id 42
		 :keypair-id keypair-id)
=> ()

;; List existing keypairs

(list-keypairs :cust-id 42)
=> ((keypair-id public-key :rsa)
    (keypair-id public-key :rsa)
    ...)

;; Sign something.  how-to-sign tells us both what signature method to
;; use (ie, what kind of object we're signing) and also the signature
;; algorithm to use (where there are multiple choices, which perhaps
;; there should not be?).

(sign-thing :cust-id		42
	    :what-to-sign	cert-without-signature
	    :how-to-sign	:cert-rsa/sha256
	    :keypair-id		keypair-id)
=> (signed-thing)