Class: TTCrypt::RsaKey

Inherits:

Object

• Object
• TTCrypt::RsaKey

Defined in:

lib/ttcrypt.rb,
ext/ttcrypt/ttcrypt_ruby.cpp

Overview

Implementation of RSAES-OAEP encryption and RSASSA-PSS signing accroding to pkcs#1 v2.2 specification. Does NOT implement any previous cryptographically weak shcemes (like 1.5 signature) - go use openssl for itm but it does compromise private key.

All time consuming operations are executed releasing GVL so other threads can run in parallel in the multicore hardware.

Defined Under Namespace

Classes: Error

Constant Summary

ACCEPTED_PARAMS =

i|n e p q d|

Class Method Summary

• .generate(bits_strength) ⇒ Object

  Generate private key (that contains public key too) of the desired bit length (recommended at least 2048).

Instance Method Summary

• #bits ⇒ Object

  Get key size in bits.

• #components ⇒ Object

  Get key components as hash.

• #decrypt(message) ⇒ Object

  Decrypt message with private key using RSAES-OAEP scheme (pkcs#1 v.2.2).

• #e ⇒ Object
• #encrypt(message) ⇒ Object

  Encrypt message with public key using RSAES-OAEP scheme (pkcs#1 v.2.2).

• #extract_public ⇒ RsaKey

  Extract public key from a private (or public) key.

• #initialize(**params) ⇒ RsaKey constructor

  A new instance of RsaKey.

• #n ⇒ Object
• #p ⇒ String

  P component or nil.

• #private? ⇒ Boolean

  true if self contains private key.

• #q ⇒ Object
• #set_params(**params) ⇒ Object
• #sign(message, hash_name) ⇒ bool

  Sign the message using pkcs#1 v2.2 RSASSA-PSS process.

• #verify(message, signature, hash_name = :sha1) ⇒ bool

  Check message signature signed with pkcs#1 v2.2 RSASSA-PSS process.

Constructor Details

#initialize(**params) ⇒ RsaKey

Returns a new instance of RsaKey.

# File 'lib/ttcrypt.rb', line 34

def initialize ** params
  set_params(params)
end

Class Method Details

.generate(bits_strength) ⇒ Object

Generate private key (that contains public key too) of the desired bit length (recommended at least 2048).

# File 'lib/ttcrypt.rb', line 49

def self.generate bits_strength
  k = RsaKey.new
  k._generate(bits_strength)
end

Instance Method Details

#bits ⇒ Object

Get key size in bits

# File 'lib/ttcrypt.rb', line 55

def bits
  _bits
end

#components ⇒ Object

Get key components as hash. Components are binary strings, indexes are symbols e.g. :n, :e

# File 'lib/ttcrypt.rb', line 111

def components
  @components ||= _components
end

#decrypt(message) ⇒ Object

Decrypt message with private key using RSAES-OAEP scheme (pkcs#1 v.2.2). Requires private key

# File 'lib/ttcrypt.rb', line 69

def decrypt message
  message.force_encoding Encoding::BINARY
  _decrypt message
end

#e ⇒ Object

# File 'lib/ttcrypt.rb', line 128

def e
  components[:e]
end

#encrypt(message) ⇒ Object

Encrypt message with public key using RSAES-OAEP scheme (pkcs#1 v.2.2).

# File 'lib/ttcrypt.rb', line 61

def encrypt message
  message.force_encoding Encoding::BINARY
  _encrypt message
end

#extract_public ⇒ RsaKey

Extract public key from a private (or public) key

Returns:

• (RsaKey) —

  public key instance

# File 'lib/ttcrypt.rb', line 100

def extract_public
  # native implementation: this is for indexing only
end

#n ⇒ Object

# File 'lib/ttcrypt.rb', line 124

def n
  components[:n]
end

#p ⇒ String

Returns P component or nil.

Returns:

• (String) —

  P component or nil

# File 'lib/ttcrypt.rb', line 116

def p
  components[:p]
end

#private? ⇒ Boolean

true if self contains private key

Returns:

• (Boolean)

# File 'lib/ttcrypt.rb', line 105

def private?
  _is_private
end

#q ⇒ Object

# File 'lib/ttcrypt.rb', line 120

def q
  components[:q]
end

#set_params(**params) ⇒ Object

# File 'lib/ttcrypt.rb', line 38

def set_params ** params
  res = {}
  params.each { |k, v|
    ACCEPTED_PARAMS.include?(k) or raise ArgumentError, "unknown key component"
    res[k.to_s] = v.to_s.force_encoding(Encoding::BINARY)
  }
  _set_params res
end

#sign(message, hash_name) ⇒ bool

Sign the message using pkcs#1 v2.2 RSASSA-PSS process. Requires private key.

Parameters:

• message (String) —

  to sign

• hash (Symbol|String) —

  function used (:sha1 or :sha256)

Returns:

• (bool) —

  true if the signature is consistent

# File 'lib/ttcrypt.rb', line 80

def sign message, hash_name
  message.force_encoding Encoding::BINARY
  _sign message, hash_name.to_s.downcase
end

#verify(message, signature, hash_name = :sha1) ⇒ bool

Check message signature signed with pkcs#1 v2.2 RSASSA-PSS process

Parameters:

• message (String) —

  to verify

• signature (String)
• hash (Symbol|String) —

  function used (:sha1 or :sha256)

Returns:

• (bool) —

  true if the signature is consistent

# File 'lib/ttcrypt.rb', line 92

def verify message, signature, hash_name=:sha1
  message.force_encoding Encoding::BINARY
  signature.force_encoding Encoding::BINARY
  _verify message, signature, hash_name.to_s.downcase
end