class OpenSSL::PKey::PKey
An abstract class that bundles signature creation (PKey#sign) and validation (PKey#verify) that is common to all implementations except OpenSSL::PKey::DH
Public Class Methods
Because PKey is an abstract class, actually calling
this method explicitly will raise a NotImplementedError
.
static VALUE ossl_pkey_initialize(VALUE self) { if (rb_obj_is_instance_of(self, cPKey)) { ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); } return self; }
Public Instance Methods
To sign the String
data
, digest
, an
instance of OpenSSL::Digest, must be provided.
The return value is again a String
containing the signature. A
PKeyError is raised should errors occur. Any
previous state of the Digest
instance is irrelevant to the
signature outcome, the digest instance is reset to its initial state during
the operation.
Example¶ ↑
data = 'Sign me!' digest = OpenSSL::Digest::SHA256.new pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data)
static VALUE ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) { EVP_PKEY *pkey; EVP_MD_CTX ctx; unsigned int buf_len; VALUE str; int result; if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) { ossl_raise(rb_eArgError, "Private key is needed."); } GetPKey(self, pkey); EVP_SignInit(&ctx, GetDigestPtr(digest)); StringValue(data); EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); str = rb_str_new(0, EVP_PKEY_size(pkey)+16); result = EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey); EVP_MD_CTX_cleanup(&ctx); if (!result) ossl_raise(ePKeyError, NULL); assert((long)buf_len <= RSTRING_LEN(str)); rb_str_set_len(str, buf_len); return str; }
To verify the String
signature
,
digest
, an instance of OpenSSL::Digest, must be provided to re-compute
the message digest of the original data
, also a
String
. The return value is true
if the signature
is valid, false
otherwise. A PKeyError is raised should errors occur. Any
previous state of the Digest
instance is irrelevant to the
validation outcome, the digest instance is reset to its initial state
during the operation.
Example¶ ↑
data = 'Sign me!' digest = OpenSSL::Digest::SHA256.new pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data) pub_key = pkey.public_key puts pub_key.verify(digest, signature, data) # => true
static VALUE ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) { EVP_PKEY *pkey; EVP_MD_CTX ctx; int result; GetPKey(self, pkey); StringValue(sig); StringValue(data); EVP_VerifyInit(&ctx, GetDigestPtr(digest)); EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey); EVP_MD_CTX_cleanup(&ctx); switch (result) { case 0: return Qfalse; case 1: return Qtrue; default: ossl_raise(ePKeyError, NULL); } return Qnil; /* dummy */ }