Class: Linzer::ECDSA::Key

Inherits:

Key

Object
Key
Linzer::ECDSA::Key

show all

Defined in:: lib/linzer/ecdsa.rb

Overview

Note:

ECDSA signatures are converted between DER format (used by OpenSSL) and the concatenated r||s format required by RFC 9421.

ECDSA signing key implementation.

ECDSA keys provide a good balance of security and performance. Supported algorithm identifiers:

ecdsa-p256-sha256 - NIST P-256 curve with SHA-256
ecdsa-p384-sha384 - NIST P-384 curve with SHA-384

Examples:

Generating a P-256 key

key = Linzer.generate_ecdsa_p256_sha256_key("my-key")

Loading from PEM

key = Linzer.new_ecdsa_p256_sha256_key(File.read("ec_key.pem"), "key-1")

Instance Attribute Summary

Attributes inherited from Key

#material

Instance Method Summary collapse

#sign(data) ⇒ String

Signs data using the ECDSA private key.
#validate ⇒ Object private
#verify(signature, data) ⇒ Boolean

Verifies a signature using the ECDSA public key.

Methods inherited from Key

#initialize, #key_id, #private?, #public?

Constructor Details

This class inherits a constructor from Linzer::Key

Instance Method Details

#sign(data) ⇒ `String`

Signs data using the ECDSA private key.

The signature is returned in concatenated r||s format as required by RFC 9421, not in DER format.

Parameters:

data (String) —

The data to sign

Returns:

(String) —

The signature bytes (64 bytes for P-256, 96 for P-384)

Raises:

(SigningError) —

If this key does not contain private key material

# File 'lib/linzer/ecdsa.rb', line 44

def sign(data)
  validate_signing_key
  decode_der_signature(material.sign(@params[:digest], data))
end

#validate ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/linzer/ecdsa.rb', line 31

def validate
  super
  validate_digest
end

#verify(signature, data) ⇒ `Boolean`

Verifies a signature using the ECDSA public key.

Expects the signature in concatenated r||s format as specified by RFC 9421.