OpenSSL::PKey::DSA
class OpenSSL::PKey::DSA
父类:OpenSSL::PKey::PKey
数字签名算法DSA在NIST的FIPS 186-3中有详细说明。这是一种非对称公钥算法,可能与RSA类似。请注意,对于1.0.0之前的OpenSSL版本,必须使用摘要算法OpenSSL :: Digest :: DSS(相当于SHA)或OpenSSL :: Digest :: DSS1(相当于SHA-1)来发布带有DSA的签名密钥使用OpenSSL :: PKey#标志。从OpenSSL 1.0.0开始,摘要算法不再受限制,任何摘要都可以用于签名。
公共类方法
生成(大小)→dsa显示源
通过从头开始生成私钥/公钥对创建新的DSA实例。
参数
size是一个代表所需密钥大小的整数。静态值VALUE ossl_dsa_s_generate(VALUE klass,VALUEsize){DSA * dsa = dsa_generate(NUM2INT(size)); / * err由dsa_instance处理* / VALUE obj = dsa_instance(klass,dsa); if(obj == Qfalse){DSA_free(dsa); ossl_raise(eDSAError,NULL); } return obj; } new→dsa显示源新(大小)→dsa new(string,pass)→dsa通过读取string.Parameters中的现有密钥创建新的DSA实例
size是一个表示所需密钥大小的整数。
string包含DER或PEM编码密钥。
pass是一个包含可选密码的字符串。
例子
DSA.new -> dsa
DSA.new(1024) -> dsa
DSA.new(File.read('dsa.pem')) -> dsa
DSA.new(File.read('dsa.pem'), 'mypassword') -> dsa
static VALUE
ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
DSA *dsa;
BIO *in;
VALUE arg, pass;
GetPKey(self, pkey
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
dsa = DSA_new(
}
else if (RB_INTEGER_TYPE_P(arg)) {
if (!(dsa = dsa_generate(NUM2INT(arg)))) {
ossl_raise(eDSAError, NULL
}
}
else {
pass = ossl_pem_passwd_value(pass
arg = ossl_to_der_if_possible(arg
in = ossl_obj2bio(arg
dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass
if (!dsa) {
OSSL_BIO_reset(in
dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL
}
if (!dsa) {
OSSL_BIO_reset(in
dsa = d2i_DSAPrivateKey_bio(in, NULL
}
if (!dsa) {
OSSL_BIO_reset(in
dsa = d2i_DSA_PUBKEY_bio(in, NULL
}
if (!dsa) {
OSSL_BIO_reset(in
#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u))
dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL
#undef PEM_read_bio_DSAPublicKey
}
BIO_free(in
if (!dsa) {
ossl_clear_error(
ossl_raise(eDSAError, "Neither PUB key nor PRIV key"
}
}
if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
DSA_free(dsa
ossl_raise(eDSAError, NULL
}
return self;
}
公共实例方法
export(cipher, password) → aString 显示源
to_pem(cipher, password) → aString
to_s(cipher, password) → aString
将此DSA编码为其PEM编码。
参数
cipheris an OpenSSL::Cipher.
password是一个包含你的密码的字符串。
例子
DSA.to_pem -> aString
DSA.to_pem(cipher, 'mypassword') -> aString
static VALUE
ossl_dsa_export(int argc, VALUE *argv, VALUE self)
{
DSA *dsa;
BIO *out;
const EVP_CIPHER *ciph = NULL;
VALUE cipher, pass, str;
GetDSA(self, dsa
rb_scan_args(argc, argv, "02", &cipher, &pass
if (!NIL_P(cipher)) {
ciph = GetCipherPtr(cipher
pass = ossl_pem_passwd_value(pass
}
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDSAError, NULL
}
if (DSA_HAS_PRIVATE(dsa)) {
if (!PEM_write_bio_DSAPrivateKey(out, dsa, ciph, NULL, 0,
ossl_pem_passwd_cb, (void *)pass)){
BIO_free(out
ossl_raise(eDSAError, NULL
}
} else {
if (!PEM_write_bio_DSA_PUBKEY(out, dsa)) {
BIO_free(out
ossl_raise(eDSAError, NULL
}
}
str = ossl_membio2str(out
return str;
}
另外别名为:to_pem,to_s
params→哈希显示源码
将密钥的所有参数存储到散列INSECURE:PRIVATE INFORMATIONS CAN LEAK OUT !!! 不要使用:-))(我由你决定)
static VALUE
ossl_dsa_get_params(VALUE self)
{
DSA *dsa;
VALUE hash;
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
GetDSA(self, dsa
DSA_get0_pqg(dsa, &p, &q, &g
DSA_get0_key(dsa, &pub_key, &priv_key
hash = rb_hash_new(
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p)
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q)
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g)
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key)
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key)
return hash;
}
private? → true | false 显示源
指示此DSA实例是否具有与其关联的私钥。私钥可以通过DSA#private_key检索。
static VALUE
ossl_dsa_is_private(VALUE self)
{
DSA *dsa;
GetDSA(self, dsa
return DSA_PRIVATE(self, dsa) ? Qtrue : Qfalse;
}
public? → true | false 显示源
指示此DSA实例是否具有与其关联的公钥。公钥可以用#public_key检索。
static VALUE
ossl_dsa_is_public(VALUE self)
{
DSA *dsa;
const BIGNUM *bn;
GetDSA(self, dsa
DSA_get0_key(dsa, &bn, NULL
return bn ? Qtrue : Qfalse;
}
public_key → aDSA 显示源
返回仅携带公钥信息的新DSA实例。如果当前实例也有私钥信息,则新实例中将不再存在。此功能有助于发布公钥信息而不泄漏任何私人信息。
例
dsa = OpenSSL::PKey::DSA.new(2048) # has public and private information
pub_key = dsa.public_key # has only the public part available
pub_key_der = pub_key.to_der # it's safe to publish this
static VALUE
ossl_dsa_to_public_key(VALUE self)
{
EVP_PKEY *pkey;
DSA *dsa;
VALUE obj;
GetPKeyDSA(self, pkey
/* err check performed by dsa_instance */
#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey)
#undef DSAPublicKey_dup
obj = dsa_instance(rb_obj_class(self), dsa
if (obj == Qfalse) {
DSA_free(dsa
ossl_raise(eDSAError, NULL
}
return obj;
}
set_key(pub_key, priv_key) → self
设置pub_key和priv_keyDSA实例。priv_key可能是零。
set_pqg(p, q, g) → self
套p,q,g为DSA实例。
syssign(string) → aString Show source
计算并返回DSA签名string,其中string预期是原始输入数据的已经计算的消息摘要。签名是使用此DSA实例的私钥发布的。
参数
string是要被签名的原始输入数据的消息摘要.Exampledsa = OpenSSL :: PKey :: DSA.new(2048)doc =“Sign me”digest = OpenSSL :: Digest :: SHA1.digest(doc)sig= dsa.syssign (摘要)静态VALUE ossl_dsa_sign(VALUE self,VALUE data){DSA * dsa; const BIGNUM * dsa_q; unsigned int buf_len; VALUE str; GetDSA(self,dsa); DSA_get0_pqg(dsa,NULL,&dsa_q,NULL); 如果(!dsa_q)ossl_raise(eDSAError,“incomplete DSA”); 如果(!DSA_PRIVATE(self,dsa))ossl_raise(eDSAError,“Private DSA key needed!”); 的StringValue(数据); str = rb_str_new(0,DSA_size(dsa)); if(!DSA_sign(0,(unsigned char *)RSTRING_PTR(data),RSTRING_LENINT(data),(unsigned char *)RSTRING_PTR(str),&buf_len)dsa)){/ *类型被忽略(0)* / ossl_raise(eDSAError,NULL); } rb_str_set_len(str,buf_len); 返回str; } sysverify(digest,sig)→true | false显示源根据消息摘要输入验证签名是否有效。它通过验证来实现sig使用此DSA实例的公钥。参数
digest是要签名的原始输入数据的消息摘要
sig是DSA签名值
例
dsa = OpenSSL::PKey::DSA.new(2048)
doc = "Sign me"
digest = OpenSSL::Digest::SHA1.digest(doc)
sig = dsa.syssign(digest)
puts dsa.sysverify(digest, sig) # => true
static VALUE
ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
{
DSA *dsa;
int ret;
GetDSA(self, dsa
StringValue(digest
StringValue(sig
/* type is ignored (0) */
ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest),
(unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), dsa
if (ret < 0) {
ossl_raise(eDSAError, NULL
}
else if (ret == 1) {
return Qtrue;
}
return Qfalse;
}
to_der → aString 显示源
将此DSA编码为其DER编码。
static VALUE
ossl_dsa_to_der(VALUE self)
{
DSA *dsa;
int (*i2d_func)(DSA *, unsigned char **
unsigned char *p;
long len;
VALUE str;
GetDSA(self, dsa
if(DSA_HAS_PRIVATE(dsa))
i2d_func = (int (*)(DSA *,unsigned char **))i2d_DSAPrivateKey;
else
i2d_func = i2d_DSA_PUBKEY;
if((len = i2d_func(dsa, NULL)) <= 0)
ossl_raise(eDSAError, NULL
str = rb_str_new(0, len
p = (unsigned char *)RSTRING_PTR(str
if(i2d_func(dsa, &p) < 0)
ossl_raise(eDSAError, NULL
ossl_str_adjust(str, p
return str;
}
to_pem(p1 = v1, p2 = v2)
别名为:导出
to_s(p1 = v1, p2 = v2)
别名为:导出
to_text→aString显示源文件
打印缓冲区的所有参数键INSECURE:私人信息可以泄漏!不要使用:-))(我由你决定)
static VALUE
ossl_dsa_to_text(VALUE self)
{
DSA *dsa;
BIO *out;
VALUE str;
GetDSA(self, dsa
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDSAError, NULL
}
if (!DSA_print(out, dsa, 0)) { /* offset = 0 */
BIO_free(out
ossl_raise(eDSAError, NULL
}
str = ossl_membio2str(out
return str;
}
