Class: OpenSSL::Netscape::SPKI
Relationships & Source Files | |
Inherits: | Object |
Defined in: | ext/openssl/ossl_ns_spki.c, ext/openssl/ossl_ns_spki.c |
Overview
A Simple Public Key Infrastructure implementation (pronounced “spooky”). The structure is defined as
PublicKeyAndChallenge ::= SEQUENCE {
spki SubjectPublicKeyInfo,
challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
publicKeyAndChallenge PublicKeyAndChallenge,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can be found in RFC5280. SPKI
is typically used in browsers for generating a public/private key pair and a subsequent certificate request, using the HTML <keygen> element.
Examples
Creating an SPKI
key = OpenSSL::PKey::RSA.new 2048
spki = OpenSSL::Netscape::SPKI.new
spki.challenge = "RandomChallenge"
spki.public_key = key.public_key
spki.sign(key, OpenSSL::Digest::SHA256.new)
#send a request containing this to a server generating a certificate
Verifying an SPKI request
request = #...
spki = OpenSSL::Netscape::SPKI.new request
unless spki.verify(spki.public_key)
# signature is invalid
end
#proceed
Class Method Summary
-
.new([request]) ⇒ SPKI
constructor
Parameters *
request
- optional raw request, either in PEM or DER format.
Instance Attribute Summary
-
#challenge ⇒ String
rw
Returns the challenge string associated with this
SPKI
. -
#challenge=(str) ⇒ String
rw
Parameters *
str
- the challenge string to be set for this instance. -
#public_key ⇒ pkey
rw
Returns the public key associated with the
SPKI
, an instance of ::OpenSSL::PKey. -
#public_key=(pub) ⇒ pkey
rw
Parameters *
pub
- the public key to be set for this instance.
Instance Method Summary
-
#sign(key, digest) ⇒ SPKI
Parameters *
key
- the private key to be used for signing this instance *digest
- the digest to be used for signing this instance. -
#to_der ⇒ DER-encoded string
Returns the DER encoding of this
SPKI
. -
#to_pem ⇒ PEM-encoded string
Alias for #to_s.
-
#to_s ⇒ PEM-encoded string
(also: #to_pem)
Returns the PEM encoding of this
SPKI
. -
#to_text ⇒ String
Returns a textual representation of this
SPKI
, useful for debugging purposes. -
#verify(key) ⇒ Boolean
Parameters *
key
- the public key to be used for verifying theSPKI
signature.
Constructor Details
.new([request]) ⇒ SPKI
Parameters
-
request
- optional raw request, either in PEM or DER format.
Instance Attribute Details
#challenge ⇒ String
(rw)
Returns the challenge string associated with this SPKI
.
#challenge=(str) ⇒ String
(rw)
Parameters
-
str
- the challenge string to be set for this instance
Sets the challenge to be associated with the SPKI
. May be used by the server, e.g. to prevent replay.
#public_key ⇒ pkey
(rw)
Returns the public key associated with the SPKI
, an instance of ::OpenSSL::PKey.
#public_key=(pub) ⇒ pkey
(rw)
Parameters
-
pub
- the public key to be set for this instance
Sets the public key to be associated with the SPKI
, an instance of ::OpenSSL::PKey. This should be the public key corresponding to the private key used for signing the SPKI
.
Instance Method Details
#sign(key, digest) ⇒ SPKI
Parameters
-
key
- the private key to be used for signing this instance -
digest
- the digest to be used for signing this instance
To sign an SPKI
, the private key corresponding to the public key set for this instance should be used, in addition to a digest algorithm in the form of an ::OpenSSL::Digest. The private key should be an instance of ::OpenSSL::PKey.
#to_der ⇒ DER
-encoded
string
Returns the DER encoding of this SPKI
.
#to_s ⇒ PEM
-encoded
string
#to_pem ⇒ PEM
-encoded
string
PEM
-encoded
string
#to_pem ⇒ PEM
-encoded
string
Alias for #to_s.
#to_s ⇒ PEM
-encoded
string
Also known as: #to_pem
Returns the PEM encoding of this SPKI
.
#to_text ⇒ String
Returns a textual representation of this SPKI
, useful for debugging purposes.
#verify(key) ⇒ Boolean
Parameters
-
key
- the public key to be used for verifying theSPKI
signature
Returns true
if the signature is valid, false
otherwise. To verify an SPKI
, the public key contained within the SPKI
should be used.