Subject Re: [Firebird-Architect] Re: database encryption
Author Roman Rokytskyy
> Um, that's not a terribly clever interface. Most, if not all,
> encryption algorithms require computation to transform the key into a
> computationally efficient form. Passing the key on the same call as the
> data either requires the key to be computed on each message or for the
> encryption code to transparently cache processed keys, which adds
> complexity, overhead, and a guaranteed memory leak.

We could extend it with one more call to get from the plugin a
computationally optimized key, which is then passed into encrypt/decrypt
routines. That would not require any change there, only adding an entry
point.

> Also, the output size isn't the same as the input size. DES rounds up
> to an eight byte boundary, AES to 16 bytes. How is the caller to know
> what to expect?

Should not be an issue, since page size can be divided by 16...

I think we should do as little as possible there in order to get
experience with its use.

Roman
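
The interface shape discussed in this message, as an added example (not part of the original message and not Firebird code): the key is processed once into a handle the caller owns and releases, and the in-place page routines reject any size that is not a multiple of the block size. All names (`prepared_key`, `plugin_prepare_key`, `plugin_release_key`, `plugin_encrypt_page`, `plugin_decrypt_page`) are hypothetical, and the XOR/rotate transform is a placeholder standing in for a real cipher such as AES.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK 16   /* AES block size, as mentioned in the thread */
#define ROUNDS 4   /* arbitrary round count for the placeholder transform */

/* Hypothetical handle: the raw key already expanded into per-round material. */
typedef struct { uint8_t rk[ROUNDS][BLOCK]; } prepared_key;

/* Extra entry point: do the costly key processing once, return a handle. */
prepared_key *plugin_prepare_key(const uint8_t *raw, size_t len) {
    if (raw == NULL || len == 0) return NULL;
    prepared_key *k = malloc(sizeof *k);
    if (k == NULL) return NULL;
    uint8_t s = 0x5a;
    for (int r = 0; r < ROUNDS; r++)
        for (int i = 0; i < BLOCK; i++) {
            s = (uint8_t)(s * 31 + raw[(r * BLOCK + i) % len] + r);
            k->rk[r][i] = s;   /* placeholder schedule, not a real KDF */
        }
    return k;
}

/* The caller owns the handle, so the plugin needs no hidden key cache. */
void plugin_release_key(prepared_key *k) {
    if (k == NULL) return;
    volatile uint8_t *p = (volatile uint8_t *)k;
    for (size_t i = 0; i < sizeof *k; i++) p[i] = 0;   /* wipe before free */
    free(k);
}

static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }

/* In-place and size-preserving: only whole blocks are accepted. */
static int transform(const prepared_key *k, uint8_t *page, size_t n, int dec) {
    if (k == NULL || page == NULL || n == 0 || n % BLOCK != 0) return -1;
    for (size_t off = 0; off < n; off += BLOCK)
        for (int r = 0; r < ROUNDS; r++)
            for (int i = 0; i < BLOCK; i++) {
                uint8_t *b = &page[off + i];
                uint8_t rk = k->rk[dec ? ROUNDS - 1 - r : r][i];
                *b = dec ? (uint8_t)(rotl8(*b, 5) ^ rk) : rotl8((uint8_t)(*b ^ rk), 3);
            }
    return 0;
}

int plugin_encrypt_page(const prepared_key *k, uint8_t *page, size_t n) { return transform(k, page, n, 0); }
int plugin_decrypt_page(const prepared_key *k, uint8_t *page, size_t n) { return transform(k, page, n, 1); }
```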