Package org.refcodes.forwardsecrecy

Interface DecryptionServer

All Known Implementing Classes:

InMemoryDecryptionServer, PublicKeyDecryptionServerWrapper

public interface DecryptionServer

The DecryptionServer contains CipherVersion instances assigned to a namespace.

Depending on the implementation, the DecryptionServer might as well contain a number of public keys (for an asymmetric encryption approach) also assigned to the individual namespaces identifying the owners of the private keys with which it is secure to communicate.

The DecryptionServer might access persisted CipherVersion instances. Depending on the implementation, the CipherVersion instances to be persisted must be encrypted with the DecryptionServer 's public key. An EncryptionService having this public key then can do secure persisting.

Requesting the CipherVersion instances from the DecryptionServer might then be done by authenticating that the requester is entitled to request the cipher versions by verifying the signature of a requester's message with the public keys by the DecryptionServer and by encrypting the CipherVersion instances with that according public key. The DecryptionServer itself might use an asymmetric encryption approach to decrypt persisted CipherVersion instances persisted by the encryption server (and being encrypted by the EncryptionService).

A DecryptionServer's wrapper could be hooked on top the DecryptionServer which uses the private key used for encrypting the ciphers by the EncryptionService to decrypt the ciphers and encrypts the ciphers again with a public key from a key pair of an according DecryptionService. The DecryptionService authenticates itself with a message and a message's signature generated from its according private key. The DecryptionServer can validate the signature and use the trusted public key for encryption. By replacing the implementation of the DecryptionServer, the way CipherVersion instances are persisted can be changed easily.

Method Summary

Modifier and Type	Method	Description
List<CipherVersion>	getCipherVersions(String aNamespace, String aMessage, String aSignature)	Returns the currently available cipher versions.

Method Detail

getCipherVersions

List<CipherVersion> getCipherVersions(String aNamespace,
                                      String aMessage,
                                      String aSignature)
                               throws SignatureVerificationException

Returns the currently available cipher versions. An implementation might just make use of an ObjectOutputStream. Though the stream is encrypted with the public key of the message signer. ------------------------------------------------------------------------- Another approach might not return a stream, it might return a list containing the cipher versions with the ciphers being encrypted by the public key. Or a stream is returned which is not encrypted but the ciphers in the cipher versions carried by the stream. -------------------------------------------------------------------------

Parameters:

aNamespace - The namespace for which to get the cipher versions.

aMessage - A message to be signed by the requester of the cipher version.

aSignature - The signature of the requester so that the according public key for encryption can be determined and the origin can be verified.

Returns:

A list as with the currently known cipher versions. The ciphers contained therein might be encrypted!

Throws:

SignatureVerificationException - in case verifying the signature for the message failed to to no public key found which successfully verified the signature