Adding a set of API for public key cryptography is needed for signature operation with internal hashing.
A set of new API would be good, perhaps, if it can support easier use.
we can supply binary data to a routine and it returns binary data; That is, no need of composing/parsing S-expressions, but directly put/get binary data. When/if needed, users can parse S-expression to supply data to new API routine, and can compose data with S-expression after getting binary data from new API routine.
This approach may offer better separation of handling data in S-expression and pk cipher.
Conceptually, it will be like:
- set: part # and data (multiple times, or use of variable number args?)
- ctl: specifying mode of operation, hash algo, setting one-time thing, etc.
- op: generate signature, encryption/decryption, generate key, etc.