Ruby 2.4
OpenSSL

OpenSSL::PKey::DSA

class OpenSSL::PKey::DSA

父类:OpenSSL::PKey::PKey

数字签名算法DSA在NIST的FIPS 186-3中有详细说明。这是一种非对称公钥算法,可能与RSA类似。请注意,对于1.0.0之前的OpenSSL版本,必须使用摘要算法OpenSSL :: Digest :: DSS(相当于SHA)或OpenSSL :: Digest :: DSS1(相当于SHA-1)来发布带有DSA的签名密钥使用OpenSSL :: PKey#标志。从OpenSSL 1.0.0开始,摘要算法不再受限制,任何摘要都可以用于签名。

公共类方法

生成(大小)→dsa显示源

通过从头开始生成私钥/公钥对创建新的DSA实例。

参数

  • size是一个代表所需密钥大小的整数。静态值VALUE ossl_dsa_s_generate(VALUE klass,VALUE size){DSA * dsa = dsa_generate(NUM2INT(size)); / * err由dsa_instance处理* / VALUE obj = dsa_instance(klass,dsa); if(obj == Qfalse){DSA_free(dsa); ossl_raise(eDSAError,NULL); } return obj; } new→dsa显示源新(大小)→dsa new(string,pass)→dsa通过读取string.Parameters中的现有密钥创建新的DSA实例

  • size 是一个表示所需密钥大小的整数。

  • string 包含DER或PEM编码密钥。

  • pass 是一个包含可选密码的字符串。

例子

DSA.new -> dsa DSA.new(1024) -> dsa DSA.new(File.read('dsa.pem')) -> dsa DSA.new(File.read('dsa.pem'), 'mypassword') -> dsa

static VALUE ossl_dsa_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; DSA *dsa; BIO *in; VALUE arg, pass; GetPKey(self, pkey if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) { dsa = DSA_new( } else if (RB_INTEGER_TYPE_P(arg)) { if (!(dsa = dsa_generate(NUM2INT(arg)))) { ossl_raise(eDSAError, NULL } } else { pass = ossl_pem_passwd_value(pass arg = ossl_to_der_if_possible(arg in = ossl_obj2bio(arg dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass if (!dsa) { OSSL_BIO_reset(in dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL } if (!dsa) { OSSL_BIO_reset(in dsa = d2i_DSAPrivateKey_bio(in, NULL } if (!dsa) { OSSL_BIO_reset(in dsa = d2i_DSA_PUBKEY_bio(in, NULL } if (!dsa) { OSSL_BIO_reset(in #define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ (d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u)) dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL #undef PEM_read_bio_DSAPublicKey } BIO_free(in if (!dsa) { ossl_clear_error( ossl_raise(eDSAError, "Neither PUB key nor PRIV key" } } if (!EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa ossl_raise(eDSAError, NULL } return self; }

公共实例方法

export(cipher, password) → aString 显示源

to_pem(cipher, password) → aString

to_s(cipher, password) → aString

将此DSA编码为其PEM编码。

参数

  • cipher is an OpenSSL::Cipher.

  • password 是一个包含你的密码的字符串。

例子

DSA.to_pem -> aString DSA.to_pem(cipher, 'mypassword') -> aString

static VALUE ossl_dsa_export(int argc, VALUE *argv, VALUE self) { DSA *dsa; BIO *out; const EVP_CIPHER *ciph = NULL; VALUE cipher, pass, str; GetDSA(self, dsa rb_scan_args(argc, argv, "02", &cipher, &pass if (!NIL_P(cipher)) { ciph = GetCipherPtr(cipher pass = ossl_pem_passwd_value(pass } if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL } if (DSA_HAS_PRIVATE(dsa)) { if (!PEM_write_bio_DSAPrivateKey(out, dsa, ciph, NULL, 0, ossl_pem_passwd_cb, (void *)pass)){ BIO_free(out ossl_raise(eDSAError, NULL } } else { if (!PEM_write_bio_DSA_PUBKEY(out, dsa)) { BIO_free(out ossl_raise(eDSAError, NULL } } str = ossl_membio2str(out return str; }

另外别名为:to_pem,to_s

params→哈希显示源码

将密钥的所有参数存储到散列INSECURE:PRIVATE INFORMATIONS CAN LEAK OUT !!! 不要使用:-))(我由你决定)

static VALUE ossl_dsa_get_params(VALUE self) { DSA *dsa; VALUE hash; const BIGNUM *p, *q, *g, *pub_key, *priv_key; GetDSA(self, dsa DSA_get0_pqg(dsa, &p, &q, &g DSA_get0_key(dsa, &pub_key, &priv_key hash = rb_hash_new( rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p) rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q) rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g) rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key) rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key) return hash; }

private? → true | false 显示源

指示此DSA实例是否具有与其关联的私钥。私钥可以通过DSA#private_key检索。

static VALUE ossl_dsa_is_private(VALUE self) { DSA *dsa; GetDSA(self, dsa return DSA_PRIVATE(self, dsa) ? Qtrue : Qfalse; }

public? → true | false 显示源

指示此DSA实例是否具有与其关联的公钥。公钥可以用#public_key检索。

static VALUE ossl_dsa_is_public(VALUE self) { DSA *dsa; const BIGNUM *bn; GetDSA(self, dsa DSA_get0_key(dsa, &bn, NULL return bn ? Qtrue : Qfalse; }

public_key → aDSA 显示源

返回仅携带公钥信息的新DSA实例。如果当前实例也有私钥信息,则新实例中将不再存在。此功能有助于发布公钥信息而不泄漏任何私人信息。

dsa = OpenSSL::PKey::DSA.new(2048) # has public and private information pub_key = dsa.public_key # has only the public part available pub_key_der = pub_key.to_der # it's safe to publish this

static VALUE ossl_dsa_to_public_key(VALUE self) { EVP_PKEY *pkey; DSA *dsa; VALUE obj; GetPKeyDSA(self, pkey /* err check performed by dsa_instance */ #define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \ (i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa)) dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey) #undef DSAPublicKey_dup obj = dsa_instance(rb_obj_class(self), dsa if (obj == Qfalse) { DSA_free(dsa ossl_raise(eDSAError, NULL } return obj; }

set_key(pub_key, priv_key) → self

设置pub_keypriv_keyDSA实例。priv_key可能是零。

set_pqg(p, q, g) → self

pqg为DSA实例。

syssign(string) → aString Show source

计算并返回DSA签名string,其中string预期是原始输入数据的已经计算的消息摘要。签名是使用此DSA实例的私钥发布的。

参数

  • string是要被签名的原始输入数据的消息摘要.Exampledsa = OpenSSL :: PKey :: DSA.new(2048)doc =“Sign me”digest = OpenSSL :: Digest :: SHA1.digest(doc)sig = dsa.syssign (摘要)静态VALUE ossl_dsa_sign(VALUE self,VALUE data){DSA * dsa; const BIGNUM * dsa_q; unsigned int buf_len; VALUE str; GetDSA(self,dsa); DSA_get0_pqg(dsa,NULL,&dsa_q,NULL); 如果(!dsa_q)ossl_raise(eDSAError,“incomplete DSA”); 如果(!DSA_PRIVATE(self,dsa))ossl_raise(eDSAError,“Private DSA key needed!”); 的StringValue(数据); str = rb_str_new(0,DSA_size(dsa)); if(!DSA_sign(0,(unsigned char *)RSTRING_PTR(data),RSTRING_LENINT(data),(unsigned char *)RSTRING_PTR(str),&buf_len)dsa)){/ *类型被忽略(0)* / ossl_raise(eDSAError,NULL); } rb_str_set_len(str,buf_len); 返回str; } sysverify(digest,sig)→true | false显示源根据消息摘要输入验证签名是否有效。它通过验证来实现sig 使用此DSA实例的公钥。参数

  • digest 是要签名的原始输入数据的消息摘要

  • sig 是DSA签名值

dsa = OpenSSL::PKey::DSA.new(2048) doc = "Sign me" digest = OpenSSL::Digest::SHA1.digest(doc) sig = dsa.syssign(digest) puts dsa.sysverify(digest, sig) # => true

static VALUE ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) { DSA *dsa; int ret; GetDSA(self, dsa StringValue(digest StringValue(sig /* type is ignored (0) */ ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest), (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), dsa if (ret < 0) { ossl_raise(eDSAError, NULL } else if (ret == 1) { return Qtrue; } return Qfalse; }

to_der → aString 显示源

将此DSA编码为其DER编码。

static VALUE ossl_dsa_to_der(VALUE self) { DSA *dsa; int (*i2d_func)(DSA *, unsigned char ** unsigned char *p; long len; VALUE str; GetDSA(self, dsa if(DSA_HAS_PRIVATE(dsa)) i2d_func = (int (*)(DSA *,unsigned char **))i2d_DSAPrivateKey; else i2d_func = i2d_DSA_PUBKEY; if((len = i2d_func(dsa, NULL)) <= 0) ossl_raise(eDSAError, NULL str = rb_str_new(0, len p = (unsigned char *)RSTRING_PTR(str if(i2d_func(dsa, &p) < 0) ossl_raise(eDSAError, NULL ossl_str_adjust(str, p return str; }

to_pem(p1 = v1, p2 = v2)

别名为:导出

to_s(p1 = v1, p2 = v2)

别名为:导出

to_text→aString显示源文件

打印缓冲区的所有参数键INSECURE:私人信息可以泄漏!不要使用:-))(我由你决定)

static VALUE ossl_dsa_to_text(VALUE self) { DSA *dsa; BIO *out; VALUE str; GetDSA(self, dsa if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL } if (!DSA_print(out, dsa, 0)) { /* offset = 0 */ BIO_free(out ossl_raise(eDSAError, NULL } str = ossl_membio2str(out return str; }