Class: Linzer::RSAPSS::Key

Inherits:

Key

• Object
• Key
• Linzer::RSAPSS::Key

Defined in:

lib/linzer/rsa_pss.rb

Overview

Note:

RSA-PSS signatures are non-deterministic due to random salt. The same data signed twice will produce different signatures, but both will verify successfully.

RSA-PSS signing key implementation.

Uses the rsa-pss-sha512 algorithm identifier with a 64-byte salt.

Examples:

Generating a new key

key = Linzer.generate_rsa_pss_sha512_key(2048, "my-key")

Loading from PEM

key = Linzer.new_rsa_pss_sha512_key(File.read("rsa_pss.pem"), "key-1")

See Also:

• Key::Helper#generate_rsa_pss_sha512_key
• Key::Helper#new_rsa_pss_sha512_key

Instance Attribute Summary

Attributes inherited from Key

#material

Instance Method Summary

• #private? ⇒ Boolean

  True if this key contains private key material.

• #public? ⇒ Boolean

  True if this key contains public key material.

• #sign(data) ⇒ String

  Signs data using RSA-PSS.

• #validate ⇒ Object private
• #verify(signature, data) ⇒ Boolean

  Verifies an RSA-PSS signature.

Methods inherited from Key

#initialize, #key_id

Constructor Details

This class inherits a constructor from Linzer::Key

Instance Method Details

#private? ⇒ Boolean

Returns true if this key contains private key material.

Returns:

• (Boolean) —

  true if this key contains private key material

# File 'lib/linzer/rsa_pss.rb', line 74

def private?
  has_pem_private?
end

#public? ⇒ Boolean

Returns true if this key contains public key material.

Returns:

• (Boolean) —

  true if this key contains public key material

# File 'lib/linzer/rsa_pss.rb', line 69

def public?
  has_pem_public?
end

#sign(data) ⇒ String

Note:

The signature is non-deterministic due to random PSS salt.

Signs data using RSA-PSS.

Parameters:

• data (String) —

  The data to sign

Returns:

• (String) —

  The RSA-PSS signature

Raises:

• (SigningError) —

  If this key does not contain private key material

# File 'lib/linzer/rsa_pss.rb', line 47

def sign(data)
  validate_signing_key
  material.sign(@params[:digest], data, signature_options)
end

#validate ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/linzer/rsa_pss.rb', line 35

def validate
  super
  validate_digest
end

#verify(signature, data) ⇒ Boolean

Verifies an RSA-PSS signature.

Parameters:

• signature (String) —

  The signature bytes to verify

• data (String) —

  The data that was signed

Returns:

• (Boolean) —

  true if the signature is valid, false otherwise

Raises:

• (VerifyError) —

  If this key does not contain public key material

# File 'lib/linzer/rsa_pss.rb', line 58

def verify(signature, data)
  validate_verify_key
  material.verify(
    @params[:digest],
    signature,
    data,
    signature_options
  )
end