Statement Operations

Author

Torben Pedersen, CRM

Initially the Statement Manager must be initialised. This requires as argument the identity of the user. In later versions this will be removed if we can get this identity automatically. Initialisation also builds preference groups that were not loaded by the Preference manager in advance.

Statements can be operated in two ways. Either directly on the Statement or by first generating a StatementTransaction object. Operations directly on the Statement requires quite a lot of inputs (e.g. keys). By first establishing a transaction object these keys are fixed as part of the session context. Thus by using the operations this way the interface is quite simple.

In both cases the following operations are available

• Making and verifying signatures
• Making and verifying MAC values
• Public key encryption/decryption
• Conventional encryption/decryption

A StatementTransaction object is generated by calling the methods openInitiatorStatementSession or openResponderStatementSession of StatementMan. These methods first negotiate cryptographic algorithms to be used and a method for key exchange. During this negotiation both sides ask the preference manager for the a preferred algorithms and methods. Due to problems of preferences Manager and Access Control the reading of preferences has not been tested. The following services are negotiated:

• Conventional krypto system
• MAC algorithm
• Method for making signatures
• Method for verifying signatures
• Method for public key encryption
• Method for public key decryption
• Hash functions
• Method for key exchange

SIMPLE
The originator selects a key and sends it cryptographically protected to the responder.
MUTUAL
The two parties select a key mutually at random (only computationally random).

To be done

• Suppport more than one module by the manager
• Add more methods for key exchange

Date: August 23, 1996 .