[Opensc-devel] SKS/KeyGen2 for Linux

[Anders R. <and...@gm...>]

Having been encouraged by a message from Mr. Linu{s|x} himself, that
"the security people will never agree on anything" (which probably is correct...) ,
I will slowly but surely port the SKS/KeyGen2 concept to Linux:
https://openkeystore.googlecode.com/svn/resources/trunk/docs/sks-api-arch.pdf

Unfortunately I have have reached a temporary setback because I have found
out that Google will never support XML Schema in Android which makes KeyGen2
dependent on _my_ ports of pretty giant third-party libraries like Apache's XML suite.
In addition, the web-world seems to be hooked on JSON so this is what KeyGen2
will be rewritten in. However, using JSON isn't completely without issues either:

http://webpki.org/papers/PKI/converting-xmldsig-2-json.pdf

Since SKS/KeyGen2 anyway relies on concepts that have very little support in standards
like SM (Secure Messaging), I'm probably going to use proprietary definitions of JSON
crypto objects for the reasons just stated.  The parser will probably check in at 3K-5K
lines so it is not really comparable to the 200K line (!) XML XSD/DSig.

On the lower-end of things, the SKS, I will swap the WS-interface for serialized binary
that should run fine both with Android's "binder" and Linux' D-Bus.  The client-code
for all implementations will (like the current WS-interface
https://code.google.com/p/openkeystore/source/browse/library/trunk/build/sks-ws-descriptor.xml)
be auto-generated from a single definition file.  Skipping WS will make life much simpler :-)

Cheers
Anders