We're updating the issue view to help you get more done. 

Version.signature has very specific implementation assuming particular technology solution to creating a signature

Description

Version.signature has very specific implementation assuming particular technology solution to creating a signature. More recent approaches may use SHA1 and XML Digital Signature payload documents. These should be supported along with other cryptography libraries other than openPGP including Microsoft.NET and other open source libraries.

To support these variations, the should be an additional attribute in the Version class to indicate what signature algorithm is used (similar to the DvMultimedia integrity check algorithm attribute) rather than relying on the self describing PGP byte stream.

There should be additional implementation guideance to support interoperable signatures using different cryptography libraries.

Environment

None

Status

Reporter

Heath Frankel

Labels

None

Components

Affects versions

RM Release 1.0.2

Priority

Major