Beautiful Code [157]
The IDE used for development was Emacs, selected for its power, extensibility, and excellent portability, including portability to handheld and wearable devices that I often used for development on the move. I also appreciated the availability of Emacs's cperl mode, which manages to offer pretty good auto-formatting for Perl code, even though "only perl can parse Perl."
11.4.1. Design Goals and Decisions
Cryptonite was envisioned as an OpenPGP-compatible webmail system designed to be secure, scalable, reliable, and easy to use. Portability and extensibility were other important goals of the project.
A key decision made early on was to develop a fully independent core engine to facilitate interface diversity and cross-platform access. It was important for interface specialists to be able to build interfaces without needing to modify the core. Clean separation of the core from the interface would allow experimentation with a variety of interface styles, which could then be subjected to usability testing to help evolve the optimal interface. This separation is also the essential design feature that will enable a diversity of interfaces to be built in the future, including interfaces designed for small devices such as cellphones and PDAs.
This design called for a client-server system, with a well-defined internal API and a clear separation of functionality and privilege between the Cryptonite engine and the user interface. Interfaces to the core could then be implemented in any language with any UI framework. A reference interface would be developed to enable live usability testing.
Another consideration was to enable flexibility in deployment, by providing the option to perform cryptographic operations either on the server or on the user's own machine. Both approaches have their advantages and drawbacks.
While in principle it is desirable to restrict cryptographic operations to the user's machine, in practice these machines are very often physically insecure and riddled with spyware. The server, on the other hand, can benefit from both high physical security and dedicated software maintenance by experts, making server-side cryptography (especially in conjunction with hardware token authentication) a more secure option for many users. This was another reason behind the choice of Perl as the implementation language: its high portability would make it possible to run the application (or components of it) on both server and user machines, as needed.
An object-oriented implementation would help keep the code easy to comprehend, extend, maintain, and modify over many years. As the code would be available in source form to licensees and end users, readability and accessibility of the code were themselves important objectives.
11.4.2. Basic System Design
The initial design of Cryptonite is shown in Figure 11-3.
Figure 11-3. The initial design of Cryptonite (C::M is shorthand for Cryptonite::Mail)
Most of the work is done by the Cryptonite::Mail::Service class, which defines a high-level service object that implements all the core functionality of the Cryptonite system. The methods of this class simply perform operations based on their arguments and return a status code and the results of the operation, if any. All the methods are noninteractive, and there is no user interface code in this class:
package Cryptonite::Mail::Service;

sub new {     # Object constructor
    ...
}

sub newuser { # Create new user account.
    ...
}

sub newkey {  # Generate a new key for a user.
    ...
}

...
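As an added illustration of the service-object pattern described above (this is not Cryptonite's code; the package, method and status-code names are invented for the example), a noninteractive service whose methods validate their own arguments and return a status code plus a result, with a thin interface layer that only maps codes to messages:

```perl
#!/usr/bin/perl
# Added example, not part of Cryptonite. Names below are hypothetical.
use strict;
use warnings;

package Example::Mail::Service;

# Every method returns (status_code, result). The service does its own
# argument checking rather than trusting the interface, so the privilege
# boundary sits here. No prompting, printing or HTML lives in this class.
sub new {
    my ($class) = @_;
    return bless { users => {} }, $class;
}

sub newuser {
    my ($self, $username) = @_;
    return ('EUSERNAME', undef)
        unless defined $username && $username =~ /^[a-z0-9_]{3,32}$/;
    return ('EEXISTS', undef) if exists $self->{users}{$username};
    $self->{users}{$username} = { folders => { INBOX => [] } };
    return ('OK', $username);
}

sub newfolder {
    my ($self, $username, $folder) = @_;
    my $user = $self->{users}{$username} or return ('ENOUSER', undef);
    return ('EFOLDERNAME', undef)
        unless defined $folder && $folder =~ /^[A-Za-z0-9_.-]{1,64}$/;
    return ('EEXISTS', undef) if exists $user->{folders}{$folder};
    $user->{folders}{$folder} = [];
    return ('OK', [ sort keys %{ $user->{folders} } ]);
}

package main;

# A minimal command-line interface layered on the service. It only turns
# status codes into text; it contains no mail or key-handling logic.
my %message = (
    OK => 'done',           EUSERNAME   => 'bad username',
    EEXISTS => 'already exists', ENOUSER => 'no such user',
    EFOLDERNAME => 'bad folder name',
);

my $svc = Example::Mail::Service->new;
for my $call ([ newuser => 'alice' ], [ newuser => 'alice' ],
              [ newfolder => 'alice', 'Drafts' ], [ newfolder => 'bob', 'X' ]) {
    my ($method, @args) = @$call;
    my ($status, $result) = $svc->$method(@args);   # dynamic method call
    printf "%-9s %-14s %s\n", $method, "@args", $message{$status};
}
```

Swapping the loop at the bottom for a CGI or GUI front end leaves the service package untouched, which is the property the design above is after.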
Cryptonite::Mail::Service encapsulates all the core functionality of the system, including user creation and management; creating, opening and closing folders; sending,