OpenSSL::PKey
module OpenSSL::PKey
非对称公钥算法
非对称公钥算法解决了建立和共享密钥以解密/解密消息的问题。这种算法的关键在于两部分:可以分发给其他人的公钥和需要保密的私钥。
使用公钥加密的邮件只能由拥有相关私钥的收件人解密。由于公钥算法比对称密钥算法慢得多(参见OpenSSL :: Cipher),它们通常用于建立拥有对方公钥的双方之间共享的对称密钥。
非对称算法提供了许多不同领域使用的很好的功能。一个非常常见的应用是数字签名的创建和验证。为签署文件,签字人通常使用信息摘要算法(参见OpenSSL :: Digest)来计算文件的摘要,然后使用私钥对其进行加密(即签名)。任何拥有公钥的人都可以通过自己计算原始文档的消息摘要来验证签名,使用签名人的公钥对签名进行解密,并将结果与之前计算的消息摘要进行比较。当且仅当解密的签名等于此消息摘要时,签名才有效。
PKey模块支持三种流行的公钥/私钥算法:
- RSA (OpenSSL::PKey::RSA)
- DSA (OpenSSL::PKey::DSA)
- Elliptic Curve Cryptography (OpenSSL::PKey::EC)Each of these implementat
io
ns is in fact a sub-class of the abstract PKey class which offers the interface for supporting digital signatures in the form of OpenSSL::PKey::PKey#sign and OpenSSL::PKey::PKey#verify.Diffie-Hellman Key ExchangeFinally PKey also features OpenSSL::PKey::DH, an implementatio
n of the Diffie-Hellman key exchange protocol based on discrete logarithms in finite fields, the same basis that DSA is built on. The Diffie-Hellman protocol can be used to exchange (symmetric) keys over insecure channels without needing any prio
r joint knowledge between the participating parties. As the security of DH demands relatively long “public keys” (i.e. the part that is overtly transmitted between participants) DH tends to be quite slow. If security or speed is your primary concern, OpenSSL::PKey::EC offers another implementatio
n of the Diffie-Hellman protocol.Public Class Methods OpenSSL::PKey.read(string
, pwd ) → PKey Show source OpenSSL::PKey.read(io
, pwd ) → PKey Reads a DER or PEM encodedstring
fromstring
或者io
返回适当的PKey类的实例。参数
string
是包含任意私钥或公钥的DER或PEM编码的字符串。
io
是一个IO
包含DER或PEM编码的任意私钥或公钥的实例。
pwd
是的情况下,可选的密码string
或file
是一个加密的PEM资源。
static VALUE
ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
BIO *bio;
VALUE data, pass;
rb_scan_args(argc, argv, "11", &data, &pass
pass = ossl_pem_passwd_value(pass
bio = ossl_obj2bio(data
if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) {
OSSL_BIO_reset(bio
if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) {
OSSL_BIO_reset(bio
if (!(pkey = d2i_PUBKEY_bio(bio, NULL))) {
OSSL_BIO_reset(bio
pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass
}
}
}
BIO_free(bio
if (!pkey)
ossl_raise(ePKeyError, "Could not parse PKey"
return ossl_pkey_new(pkey
}