Class: OpenSSL::Netscape::SPKI
| Relationships & Source Files | |
| Inherits: | Object |
| Defined in: | ext/openssl/ossl_ns_spki.c, ext/openssl/ossl_ns_spki.c |
Overview
A Simple Public Key Infrastructure implementation (pronounced “spooky”). The structure is defined as
PublicKeyAndChallenge ::= SEQUENCE {
spki SubjectPublicKeyInfo,
challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
publicKeyAndChallenge PublicKeyAndChallenge,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can be found in RFC5280. SPKI is typically used in browsers for generating a public/private key pair and a subsequent certificate request, using the HTML <keygen> element.
Examples
Creating an SPKI
key = OpenSSL::PKey::RSA.new 2048
spki = OpenSSL::Netscape::SPKI.new
spki.challenge = "RandomChallenge"
spki.public_key = key.public_key
spki.sign(key, OpenSSL::Digest::SHA256.new)
#send a request containing this to a server generating a certificateVerifying an SPKI request
request = #...
spki = OpenSSL::Netscape::SPKI.new request
unless spki.verify(spki.public_key)
# signature is invalid
end
#proceedClass Method Summary
-
.new([request]) ⇒ SPKI
constructor
Parameters *
request- optional raw request, either in PEM or DER format.
Instance Attribute Summary
-
#challenge ⇒ String
rw
Returns the challenge string associated with this
SPKI. -
#challenge=(str) ⇒ String
rw
Parameters *
str- the challenge string to be set for this instance. -
#public_key ⇒ pkey
rw
Returns the public key associated with the
SPKI, an instance of ::OpenSSL::PKey. -
#public_key=(pub) ⇒ pkey
rw
Parameters *
pub- the public key to be set for this instance.
Instance Method Summary
-
#sign(key, digest) ⇒ SPKI
Parameters *
key- the private key to be used for signing this instance *digest- the digest to be used for signing this instance. -
#to_der ⇒ DER-encoded string
Returns the DER encoding of this
SPKI. -
#to_pem ⇒ PEM-encoded string
Alias for #to_s.
-
#to_s ⇒ PEM-encoded string
(also: #to_pem)
Returns the PEM encoding of this
SPKI. -
#to_text ⇒ String
Returns a textual representation of this
SPKI, useful for debugging purposes. -
#verify(key) ⇒ Boolean
Parameters *
key- the public key to be used for verifying theSPKIsignature.
Constructor Details
.new([request]) ⇒ SPKI
Parameters
-
request- optional raw request, either in PEM or DER format.
Instance Attribute Details
#challenge ⇒ String (rw)
Returns the challenge string associated with this SPKI.
#challenge=(str) ⇒ String (rw)
Parameters
-
str- the challenge string to be set for this instance
Sets the challenge to be associated with the SPKI. May be used by the server, e.g. to prevent replay.
#public_key ⇒ pkey (rw)
Returns the public key associated with the SPKI, an instance of ::OpenSSL::PKey.
#public_key=(pub) ⇒ pkey (rw)
Parameters
-
pub- the public key to be set for this instance
Sets the public key to be associated with the SPKI, an instance of ::OpenSSL::PKey. This should be the public key corresponding to the private key used for signing the SPKI.
Instance Method Details
#sign(key, digest) ⇒ SPKI
Parameters
-
key- the private key to be used for signing this instance -
digest- the digest to be used for signing this instance
To sign an SPKI, the private key corresponding to the public key set for this instance should be used, in addition to a digest algorithm in the form of an ::OpenSSL::Digest. The private key should be an instance of ::OpenSSL::PKey.
#to_der ⇒ DER-encoded string
Returns the DER encoding of this SPKI.
#to_s ⇒ PEM-encoded string
#to_pem ⇒ PEM-encoded string
PEM-encoded string
#to_pem ⇒ PEM-encoded string
Alias for #to_s.
#to_s ⇒ PEM-encoded string Also known as: #to_pem
Returns the PEM encoding of this SPKI.
#to_text ⇒ String
Returns a textual representation of this SPKI, useful for debugging purposes.
#verify(key) ⇒ Boolean
Parameters
-
key- the public key to be used for verifying theSPKIsignature
Returns true if the signature is valid, false otherwise. To verify an SPKI, the public key contained within the SPKI should be used.