OpenSSL::PKey::PKey

class OpenSSL::PKey::PKey

父类:Object

捆绑签名创建（PKey＃签名）和验证（PKey＃验证）的抽象类，除了OpenSSL :: PKey :: DH

OpenSSL::PKey::RSA

OpenSSL::PKey::DSA

OpenSSL::PKey::EC

公共类方法

new → self 显示源

因为PKey是一个抽象类，所以实际调用这个方法会引发一个NotImplementedError。

static VALUE
ossl_pkey_initialize(VALUE self)
{
    if (rb_obj_is_instance_of(self, cPKey)) {
        ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly"
    }
    return self;
}

公共实例方法

sign(digest, data) → String 显示源

签署String data，digest，OpenSSL的::文摘的实例，必须提供。返回值又是String包含签名的。如果发生错误，则会引发PKeyError。任何以前的Digest实例状态都与签名结果无关，摘要实例在操作过程中重置为其初始状态。

例

data = 'Sign me!'
digest = OpenSSL::Digest::SHA256.new
pkey = OpenSSL::PKey::RSA.new(2048)
signature = pkey.sign(digest, data)

static VALUE
ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
{
    EVP_PKEY *pkey;
    const EVP_MD *md;
    EVP_MD_CTX *ctx;
    unsigned int buf_len;
    VALUE str;
    int result;

    pkey = GetPrivPKeyPtr(self
    md = GetDigestPtr(digest
    StringValue(data
    str = rb_str_new(0, EVP_PKEY_size(pkey)

    ctx = EVP_MD_CTX_new(
    if (!ctx)
        ossl_raise(ePKeyError, "EVP_MD_CTX_new"
    if (!EVP_SignInit_ex(ctx, md, NULL)) {
        EVP_MD_CTX_free(ctx
        ossl_raise(ePKeyError, "EVP_SignInit_ex"
    }
    if (!EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) {
        EVP_MD_CTX_free(ctx
        ossl_raise(ePKeyError, "EVP_SignUpdate"
    }
    result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey
    EVP_MD_CTX_free(ctx
    if (!result)
        ossl_raise(ePKeyError, "EVP_SignFinal"
    rb_str_set_len(str, buf_len

    return str;
}

verify(digest, signature, data) → String 显示源

为了验证String signature，digest，OpenSSL的::文摘的实例，必须提供重新计算消息原的消化data，也有String。返回值是true签名有效的情况，false否则。如果发生错误，则会引发PKeyError。任何以前的Digest实例状态都与验证结果无关，摘要实例在操作期间重置为其初始状态。

例

data = 'Sign me!'
digest = OpenSSL::Digest::SHA256.new
pkey = OpenSSL::PKey::RSA.new(2048)
signature = pkey.sign(digest, data)
pub_key = pkey.public_key
puts pub_key.verify(digest, signature, data) # => true

static VALUE
ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
{
    EVP_PKEY *pkey;
    const EVP_MD *md;
    EVP_MD_CTX *ctx;
    int siglen, result;

    GetPKey(self, pkey
    pkey_check_public_key(pkey
    md = GetDigestPtr(digest
    StringValue(sig
    siglen = RSTRING_LENINT(sig
    StringValue(data

    ctx = EVP_MD_CTX_new(
    if (!ctx)
        ossl_raise(ePKeyError, "EVP_MD_CTX_new"
    if (!EVP_VerifyInit_ex(ctx, md, NULL)) {
        EVP_MD_CTX_free(ctx
        ossl_raise(ePKeyError, "EVP_VerifyInit_ex"
    }
    if (!EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) {
        EVP_MD_CTX_free(ctx
        ossl_raise(ePKeyError, "EVP_VerifyUpdate"
    }
    result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), siglen, pkey
    EVP_MD_CTX_free(ctx
    switch (result) {
    case 0:
        ossl_clear_error(
        return Qfalse;
    case 1:
        return Qtrue;
    default:
        ossl_raise(ePKeyError, "EVP_VerifyFinal"
    }
}