Class: TTCrypt::RsaKey

Inherits:

Object

• Object
• TTCrypt::RsaKey

Defined in:

lib/ttcrypt.rb,
ext/ttcrypt/ttcrypt_ruby.cpp

Overview

Implementation of RSAES-OAEP encryption and RSASSA-PSS signing accroding to pkcs#1 v2.2 specification. Does NOT implement any previous cryptographically weak shcemes (like 1.5 signature) - go use openssl for itm but it does compromise private key.

All time consuming operations are executed releasing GVL so other threads can run in parallel in the multicore hardware.

Defined Under Namespace

Classes: Error

Constant Summary

ACCEPTED_PARAMS =

%i|n e p q d|

Class Method Summary

• .generate(bits_strength) ⇒ Object

  Generate private key (that contains public key too) of the desired bit length (recommended at least 2048).

Instance Method Summary

• #bits ⇒ Object

  Get key size in bits.

• #components ⇒ Object

  Get key components as hash.

• #decrypt(message) ⇒ Object

  Decrypt message with private key using RSAES-OAEP scheme (pkcs#1 v.2.2).

• #e ⇒ Object
• #encrypt(message) ⇒ Object

  Encrypt message with public key using RSAES-OAEP scheme (pkcs#1 v.2.2).

• #extract_public ⇒ RsaKey

  Extract public key from a private (or public) key.

• #initialize(**params) ⇒ RsaKey constructor

  A new instance of RsaKey.

• #n ⇒ Object
• #p ⇒ String

  P component or nil.

• #private? ⇒ Boolean

  true if self contains private key.

• #q ⇒ Object
• #set_params(**params) ⇒ Object
• #sign(message, hash_name) ⇒ bool

  Sign the message using pkcs#1 v2.2 RSASSA-PSS process.

• #verify(message, signature, hash_name = :sha1) ⇒ bool

  Check message signature signed with pkcs#1 v2.2 RSASSA-PSS process.

Constructor Details

#initialize(**params) ⇒ RsaKey

Returns a new instance of RsaKey.

# File 'lib/ttcrypt.rb', line 41

def initialize ** params
  set_params(params)
end

Class Method Details

.generate(bits_strength) ⇒ Object

Generate private key (that contains public key too) of the desired bit length (recommended at least 2048).

# File 'lib/ttcrypt.rb', line 56

def self.generate bits_strength
  k = RsaKey.new
  k._generate(bits_strength)
end

Instance Method Details

#bits ⇒ Object

Get key size in bits

# File 'lib/ttcrypt.rb', line 62

def bits
  _bits
end

#components ⇒ Object

Get key components as hash. Components are binary strings, indexes are symbols e.g. :n, :e

# File 'lib/ttcrypt.rb', line 118

def components
  @components ||= _components
end

#decrypt(message) ⇒ Object

Decrypt message with private key using RSAES-OAEP scheme (pkcs#1 v.2.2). Requires private key

# File 'lib/ttcrypt.rb', line 76

def decrypt message
  message.force_encoding Encoding::BINARY
  _decrypt message
end

#e ⇒ Object

# File 'lib/ttcrypt.rb', line 135

def e
  components[:e]
end

#encrypt(message) ⇒ Object

Encrypt message with public key using RSAES-OAEP scheme (pkcs#1 v.2.2).

# File 'lib/ttcrypt.rb', line 68

def encrypt message
  message.force_encoding Encoding::BINARY
  _encrypt message
end

#extract_public ⇒ RsaKey

Extract public key from a private (or public) key

Returns:

• (RsaKey) —

  public key instance

# File 'lib/ttcrypt.rb', line 107

def extract_public
  # native implementation: this is for indexing only
end

#n ⇒ Object

# File 'lib/ttcrypt.rb', line 131

def n
  components[:n]
end

#p ⇒ String

Returns P component or nil.

Returns:

• (String) —

  P component or nil

# File 'lib/ttcrypt.rb', line 123

def p
  components[:p]
end

#private? ⇒ Boolean

true if self contains private key

Returns:

• (Boolean)

# File 'lib/ttcrypt.rb', line 112

def private?
  _is_private
end

#q ⇒ Object

# File 'lib/ttcrypt.rb', line 127

def q
  components[:q]
end

#set_params(**params) ⇒ Object

# File 'lib/ttcrypt.rb', line 45

def set_params ** params
  res = {}
  params.each { |k, v|
    ACCEPTED_PARAMS.include?(k) or raise ArgumentError, "unknown key component"
    res[k.to_s] = v.to_s.force_encoding(Encoding::BINARY)
  }
  _set_params res
end

#sign(message, hash_name) ⇒ bool

Sign the message using pkcs#1 v2.2 RSASSA-PSS process. Requires private key.

Parameters:

• message (String) —

  to sign

• hash (Symbol|String) —

  function used (:sha1 or :sha256)

Returns:

• (bool) —

  true if the signature is consistent

# File 'lib/ttcrypt.rb', line 87

def sign message, hash_name
  message.force_encoding Encoding::BINARY
  _sign message, hash_name.to_s.downcase
end

#verify(message, signature, hash_name = :sha1) ⇒ bool

Check message signature signed with pkcs#1 v2.2 RSASSA-PSS process

Parameters:

• message (String) —

  to verify

• signature (String)
• hash (Symbol|String) —

  function used (:sha1 or :sha256)

Returns:

• (bool) —

  true if the signature is consistent

# File 'lib/ttcrypt.rb', line 99

def verify message, signature, hash_name=:sha1
  message.force_encoding Encoding::BINARY
  signature.force_encoding Encoding::BINARY
  _verify message, signature, hash_name.to_s.downcase
end