authorCarl Hetherington <cth@carlh.net>2014-03-19 22:03:18 +0000
committerCarl Hetherington <cth@carlh.net>2014-03-19 22:03:18 +0000
commit5e5750712fb6686cb4a192b3b232be96ad879b49 (patch)
tree68d29b6f44ce230ed89d0136c14cb182040196ae /src
parent7702e5d643440e75369078863b34f8a574ee4143 (diff)
A few comments and some tidying.
Diffstat (limited to 'src')
-rw-r--r--src/decrypted_kdm.h32
-rw-r--r--src/encrypted_kdm.h47
2 files changed, 67 insertions, 12 deletions
diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h
index 0bed341d..0f305a16 100644
--- a/src/decrypted_kdm.h
+++ b/src/decrypted_kdm.h
@@ -17,6 +17,10 @@
*/
+/** @file src/decrypted_kdm.h
+ * @brief DecryptedKDM class.
+ */
+
#include "key.h"
#include "local_time.h"
#include "decrypted_kdm_key.h"
@@ -30,6 +34,15 @@ class Signer;
class Certificate;
class CPL;
+/** @class DecryptedKDM
+ * @brief A decrypted KDM.
+ *
+ * This is a KDM that has either been decrypted by a target private key, or one which
+ * has been created by some other means, ready for encryption later.
+ *
+ * A DecryptedKDM object can be created either from an EncryptedKDM and private key file,
+ * or from the details of the MXFs that the KDM should protect.
+ */
class DecryptedKDM
{
public:
@@ -38,6 +51,11 @@ public:
*/
DecryptedKDM (EncryptedKDM const & kdm, boost::filesystem::path private_key);
+ /** Construct a DecryptedKDM.
+ * @param cpl CPL that the keys are for.
+ * @param not_valid_before Start time for the KDM.
+ * @param not_valid_after ENd time for the KDM.
+ */
DecryptedKDM (
boost::shared_ptr<const CPL> cpl,
LocalTime not_valid_before,
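Review bot: The new constructor comment has a typo in `@param not_valid_after ENd time for the KDM.`, which should read `End time`. It also documents only three parameters, while the parameter list continues outside this hunk. At least `issue_date`, visible as context in the next hunk, has no `@param` line. Since `not_valid_before` and `not_valid_after` bound the period in which the delivered keys are usable, the comment should say whether the `LocalTime` values are taken as-is or converted to UTC when the KDM is written, e.g. `@param not_valid_before Start of the validity window (local time with offset, as given).`, once that is confirmed against the implementation.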
@@ -47,9 +65,21 @@ public:
std::string issue_date
);
+ /** Add a key to this KDM.
+ * @param type Key type (MDIK, MDAK etc.)
+ * @param id Key id.
+ * @param key the key itself (which has been used to encrypt a MXF).
+ */
void add_key (std::string type, std::string id, Key key);
- EncryptedKDM encrypt (boost::shared_ptr<const Signer>, boost::shared_ptr<const Certificate>) const;
+ /** Encrypt this KDM's keys and sign the whole KDM.
+ * @param signer Signer.
+ * @param recipient Certificate of the projector/server which should receive this KDM's keys.
+ * @return Encrypted KDM.
+ */
+ EncryptedKDM encrypt (boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient) const;
+
+ /** @return This KDM's (decrypted) keys, which could be used to decrypt MXFs. */
std::list<DecryptedKDMKey> keys () const {
return _keys;
}
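Review bot: The comment added on `keys ()` notes that the keys could decrypt MXFs, but it does not tell callers that the accessor returns a by-value copy of plaintext content keys. Each call therefore leaves another copy of the key material in memory for the caller to manage. I would make that explicit: `/** @return A copy of this KDM's decrypted content keys; treat as secret key material (do not log or write to disk unencrypted). */`. The same applies to `add_key`, which takes `Key key` by value. Whether `Key` clears its storage on destruction is not visible here and is worth stating in its own documentation. The class body continues outside this hunk.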
diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index 8d13a25a..0aa36a15 100644
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -17,6 +17,10 @@
*/
+/** @file src/encrypted_kdm.h
+ * @brief EncryptedKDM class.
+ */
+
#include "local_time.h"
#include <boost/filesystem.hpp>
#include <boost/date_time/local_time/local_time.hpp>
@@ -34,12 +38,43 @@ namespace data {
class Signer;
class Certificate;
+/** @class EncryptedKDM
+ * @brief An encrypted KDM.
+ *
+ * This is a KDM whose keys are encrypted using the target projector's private key.
+ * An EncryptedKDM object can be initialised from a KDM XML file, or created from
+ * a DecryptedKDM (using DecryptedKDM::encrypt).
+ */
class EncryptedKDM
{
public:
- /** Read a KDM from an XML file */
+ /** Read a KDM from an XML file.
+ * @param file XML file to read.
+ */
EncryptedKDM (boost::filesystem::path file);
+ EncryptedKDM (EncryptedKDM const & kdm);
+ EncryptedKDM & operator= (EncryptedKDM const &);
+ ~EncryptedKDM ();
+
+ /** Write this KDM as XML to a file.
+ * @param file File to write to.
+ */
+ void as_xml (boost::filesystem::path file) const;
+
+ /** @return This KDM as XML */
+ std::string as_xml () const;
+
+ /** @return The base64-encoded and encrypted keys that this KDM delivers.
+ * Note that the returned `keys' contain more than just the asset decryption
+ * keys (also key id, CPL id etc.)
+ */
+ std::list<std::string> keys () const;
+
+private:
+
+ friend class DecryptedKDM;
+
/** Construct an EncryptedKDM from a set of details */
EncryptedKDM (
boost::shared_ptr<const Signer> signer,
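Review bot: The new class comment on `EncryptedKDM` says the keys are encrypted "using the target projector's private key", which reverses the roles. The sender holds only the recipient's certificate (the `recipient` parameter documented on `DecryptedKDM::encrypt` in this same commit), so encryption uses the certificate's public key and the private key is what decrypts. Suggested wording: `* This is a KDM whose keys are encrypted using the public key from the target projector's certificate.` Separately, the copy constructor, `operator=` and destructor moved into the public section still have no comments. Because the class holds a raw `_data` pointer (visible in the next hunk), a line stating whether copies are deep or shared would help reviewers reason about lifetime. The private constructor's parameter list continues outside this hunk.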
@@ -52,17 +87,7 @@ public:
std::list<std::pair<std::string, std::string> > key_ids,
std::list<std::string> keys
);
-
- EncryptedKDM (EncryptedKDM const & kdm);
- EncryptedKDM & operator= (EncryptedKDM const &);
- ~EncryptedKDM ();
-
- void as_xml (boost::filesystem::path) const;
- std::string as_xml () const;
-
- std::list<std::string> keys () const;
-private:
data::EncryptedKDMData* _data;
};