path: root/docs/signing-engine-protocol
;;; -*- Lisp -*-
;;; $Id$
;;;
;;; Scratch pad for working out API design for RPKI engine.
;;;
;;; This file is pseudocode; I just wanted to take advantage of
;;; emacs's built-in support for languages with reasonable syntax.
;;;
;;; Terminology:
;;;
;;; - IRBE: Internet Registry Back End
;;;
;;; - RE: RPKI Engine

;;; Protocol operations between RE and signing engine.  This assumes
;;; the model in which the signing engine stores nothing but keypairs
;;; and takes orders from the RE on what to sign; this still needs to
;;; be checked by competent paranoids.

;; Create a keypair.  :length is the number of bits for the key
;; (default 2048?).  :cust-id is presumably the customer the new key
;; is created for.  No key-algorithm argument is given; the
;; :cert-rsa/sha256 value under sign-thing suggests RSA, but that is
;; not stated here.
;;
;; The result is the public key plus a key-id handle that the other
;; operations take as :key-id.
;;
;; NOTE(review): no operation in this file returns private key
;; material, so presumably the private half never leaves the signing
;; engine -- confirm that this is meant as a hard property of the
;; protocol and say so explicitly.

(create-keypair :cust-id 42
		:length 2048)
=> (public-key key-id)

;; Destroy a keypair, identified by :key-id together with :cust-id.
;; The result shown is the empty list.
;;
;; NOTE(review): nothing here says what comes back when key-id does
;; not exist or is not one of this cust-id's keys.  The engine should
;; presumably refuse rather than act on another customer's key --
;; TODO decide and document the error result.

(destroy-keypair :cust-id 42
		 :key-id key-id)
=> ()

;; List existing keypairs for :cust-id.  Each entry pairs a key-id
;; with its public key; only public halves appear in the result.
;;
;; NOTE(review): entries here are (key-id public-key), but
;; create-keypair returns (public-key key-id).  The order should
;; probably be the same in both places.

(list-keypairs :cust-id 42)
=> ((key-id public-key)
    (key-id public-key)
    ...)

;; Sign something.  how-to-sign tells us both what signature method to
;; use (i.e., what kind of object we're signing) and also the signature
;; algorithm to use (where there are multiple choices, which perhaps
;; there should not be?).
;;
;; :what-to-sign is the unsigned object (here a certificate without
;; its signature) and :key-id selects the keypair to sign with; the
;; result is the signed object.
;;
;; NOTE(review): in the model described at the top of this file the
;; engine signs whatever the RE tells it to, so a key is only as well
;; protected as the RE that issues the orders.  Worth deciding whether
;; the engine checks that key-id belongs to cust-id before signing,
;; and whether it accepts only a fixed set of :how-to-sign values
;; rather than any method/algorithm the caller names.

(sign-thing :cust-id		42
	    :what-to-sign	cert-without-signature
	    :how-to-sign	:cert-rsa/sha256
	    :key-id		key-id)
=> (signed-thing)