
[OATH-Toolkit-help] building PSKC data: how should the interface be?


From: Simon Josefsson
Subject: [OATH-Toolkit-help] building PSKC data: how should the interface be?
Date: Thu, 11 Oct 2012 17:15:49 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.2 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> My priority is to work on functions to set PSKC fields, to enable
> building an interface in pskctool to generate PSKC data, and then look
> at the encryption part of PSKC.

The design of the library API is pretty straightforward.  However, how
should the command line tool work?  Does providing values on the command
line like this make sense?

pskctool --build --container "version=1.0,id=FOOBAR" \
  --keypackage "key-id=1234,key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp,device-manufacturer=SomeManufacturer,key-b64secret=MTIzNA=="

You could have one --keypackage parameter per keypackage structure.

Or should it read some format from standard input?  For example:

pskctool --build --container-version 1.0 --container-id FOOBAR \
  --keypackage-format "key-id,key-algorithm,device-manufacturer,key-b64secret"

which would then read line-based data like this:

1234,urn:ietf:params:xml:ns:keyprov:pskc:hotp,SomeManufacturer,MTIzNA==

That is better since secret keys are not provided on the command line.
It could support a "default" simple input format so one could do:

pskctool --build <<EOF
container-version=1.0
container-id=FOOBAR
key-id=1234
key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
device-manufacturer=SomeManufacturer
key-b64secret=MTIzNA==
EOF

However some mechanism is needed to separate different keypackages.
Maybe like this:

[container]
version=1.0
id=FOOBAR
[keypackage]
key-id=1234
key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
device-manufacturer=SomeManufacturer
key-b64secret=MTIzNA==
[keypackage]
key-id=5678
key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
device-manufacturer=SomeOtherManufacturer
key-b64secret=AMAMAA==

Any other ideas?

/Simon
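
The sectioned input format proposed in the message above, parsed as an added example; this is not code from the original post or from OATH Toolkit. The function name parse_pskc_input and the strict rejection rules are assumptions. Repeated [keypackage] headers are handled by hand because a stock INI reader such as Python's configparser rejects duplicate section names in its default strict mode.

```python
import base64
import binascii

# Constructed sample input in the sectioned format sketched in the message.
SAMPLE = """\
[container]
version=1.0
id=FOOBAR
[keypackage]
key-id=1234
key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
device-manufacturer=SomeManufacturer
key-b64secret=MTIzNA==
[keypackage]
key-id=5678
key-algorithm=urn:ietf:params:xml:ns:keyprov:pskc:hotp
device-manufacturer=SomeOtherManufacturer
key-b64secret=AMAMAA==
"""


def parse_pskc_input(text):
    """Return (container, keypackages) parsed from the sectioned format."""
    container, keypackages, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "[container]":
            current = container
        elif line == "[keypackage]":
            current = {}  # every header starts a new key package
            keypackages.append(current)
        elif line.startswith("["):
            raise ValueError(f"line {lineno}: unknown section {line}")
        elif current is None:
            raise ValueError(f"line {lineno}: field before any section")
        else:
            # Split at the first '=' only: base64 padding also uses '='.
            name, sep, value = line.partition("=")
            if not sep or not name or name in current:
                raise ValueError(f"line {lineno}: malformed or duplicate field")
            if name == "key-b64secret":
                try:
                    value = base64.b64decode(value, validate=True)
                except binascii.Error:
                    # Report the line number only, never the secret itself.
                    raise ValueError(f"line {lineno}: secret is not base64") from None
            current[name] = value
    return container, keypackages
```

Feeding the text on standard input keeps key-b64secret values out of the argument list, which is the advantage the message gives for the stdin variants.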


