-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382
Conversation
e4160a5
to
51621d6
Compare
51621d6
to
96b92c5
Compare
2a433b0
to
f6bb911
Compare
@rhenium Hello! OpenSSL 3.0 beta1 is expected to be released on June 30th [1] [1] https://github.com/openssl/openssl/milestone/17 |
OpenSSL 3.0 support requires more work than this, please also see #369 and #399. I'm not planning to release a version of ruby-openssl claiming to fully support OpenSSL 3.0.0 before it's actually tagged. They have a history of changing public API a week before the stable release. :/ (e.g., bb17084) |
Support public key encryption and decryption operations using the EVP API.
The next release is decided to be 3.0 rather than 2.3.
f6bb911
to
f82c8d4
Compare
Add a variant of PKey#sign and #verify that do not hash the data automatically. Sometimes the caller has the hashed data only, but not the plaintext to be signed. In that case, users would have to use the low-level API such as RSA#private_encrypt or #public_decrypt directly. OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify() which provide the same functionality as part of the EVP API. This patch adds wrappers for them.
Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign} family. The definitions are now in lib/openssl/pkey.rb. Also, recommend using those generic methods in the documentation.
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw, OpenSSL::PKey::EC's low level signing operation methods can be implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw, OpenSSL::PKey::DSA's low level signing operation methods can be implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
f82c8d4
to
ce805ad
Compare
Applies on top of #374 (first two commits in this PR).
This implements the rest of #370.
pkey: implement PKey#encrypt and #decrypt
Support public key encryption and decryption operations using the EVP
API.
pkey: update version reference in #sign and #verify documentation
The next release is decided to be 3.0 rather than 2.3.
pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover
Add a variant of PKey#sign and #verify that do not hash the data
automatically.
Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.
OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API
Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.
Also, recommend using those generic methods in the documentation.
pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with PKey#{sign,verify}_raw
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
pkey/dsa: refactor DSA#sys{sign,verify} with PKey#{sign,verify}_raw
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.