Subject: [PGP] New Sandbox component
From: Stefan Bodewig 
Date: Tue, 10 May 2005 10:34:59 +0200


Members of the Maven, Ant and Repository teams have been thinking
about adding PGP support to their respective projects for a while, but
so far none of those projects has made any real attempt to do so.

Some discussion on the Ant dev list that involved Ant and Maven
committers led to the idea of commons-pgp.

The goal is a library that provides a simple API to PGP sign files (or
streams?) and verify PGP signatures.  This may be extended to key
management or encryption/decryption later.  The idea is to start with
an implementation based on Bouncycastle's[1] library but keep the API
independent of it in order to allow different providers like
cryptix[2] to be written.

The library itself is supposed to be independent of either Ant or

The initial set of committers will be Brett Porter, Matt Benson (who
is an Ant committer, I've just granted him commit access to the
sandbox) and myself, but more helping hands are certainly welcome.

So far all there is is a README file describing the purpose of the
component.  We probably should have an API sketch before we go further
than that.  Somebody with commons karma will have to add pgp to the
externals of trunks-sandbox at one point.

Based on the projects involved the question probably won't be whether
we use Maven or Ant to build the project, we'll support both.  8-)





