Class: JWT::PQ::HybridKey

Inherits:

Object

• Object
• JWT::PQ::HybridKey

Defined in:

lib/jwt/pq/hybrid_key.rb

Overview

Composite key combining an Ed25519 keypair with an ML-DSA keypair for hybrid EdDSA + ML-DSA JWT signatures.

Instance Attribute Summary

• #ed25519_signing_key ⇒ Object readonly

  Returns the value of attribute ed25519_signing_key.

• #ed25519_verify_key ⇒ Object readonly

  Returns the value of attribute ed25519_verify_key.

• #ml_dsa_key ⇒ Object readonly

  Returns the value of attribute ml_dsa_key.

Class Method Summary

• .generate(ml_dsa_algorithm = :ml_dsa_65) ⇒ Object

  Generate a new hybrid keypair.

Instance Method Summary

• #algorithm ⇒ Object

  The ML-DSA algorithm name (e.g., “ML-DSA-65”).

• #destroy! ⇒ Object

  Zero and discard private key material from both key components.

• #hybrid_algorithm ⇒ Object

  The hybrid algorithm name (e.g., “EdDSA+ML-DSA-65”).

• #initialize(ed25519:, ml_dsa:) ⇒ HybridKey constructor

  A new instance of HybridKey.

• #inspect ⇒ Object (also: #to_s)
• #private? ⇒ Boolean

  Whether both keys have private components (can sign).

Constructor Details

#initialize(ed25519:, ml_dsa:) ⇒ HybridKey

Returns a new instance of HybridKey.

Parameters:

• ed25519 (Ed25519::SigningKey, Ed25519::VerifyKey) —

  Ed25519 key

• ml_dsa (JWT::PQ::Key) —

  ML-DSA key

# File 'lib/jwt/pq/hybrid_key.rb', line 12

def initialize(ed25519:, ml_dsa:)
  require_eddsa_dependency!

  @ml_dsa_key = ml_dsa

  case ed25519
  when Ed25519::SigningKey
    @ed25519_signing_key = ed25519
    @ed25519_verify_key = ed25519.verify_key
  when Ed25519::VerifyKey
    @ed25519_signing_key = nil
    @ed25519_verify_key = ed25519
  else
    raise KeyError, "Expected Ed25519::SigningKey or Ed25519::VerifyKey, got #{ed25519.class}"
  end
end

Instance Attribute Details

#ed25519_signing_key ⇒ Object (readonly)

Returns the value of attribute ed25519_signing_key.

# File 'lib/jwt/pq/hybrid_key.rb', line 8

def ed25519_signing_key
  @ed25519_signing_key
end

#ed25519_verify_key ⇒ Object (readonly)

Returns the value of attribute ed25519_verify_key.

# File 'lib/jwt/pq/hybrid_key.rb', line 8

def ed25519_verify_key
  @ed25519_verify_key
end

#ml_dsa_key ⇒ Object (readonly)

Returns the value of attribute ml_dsa_key.

# File 'lib/jwt/pq/hybrid_key.rb', line 8

def ml_dsa_key
  @ml_dsa_key
end

Class Method Details

.generate(ml_dsa_algorithm = :ml_dsa_65) ⇒ Object

Generate a new hybrid keypair.

# File 'lib/jwt/pq/hybrid_key.rb', line 30

def self.generate(ml_dsa_algorithm = :ml_dsa_65)
  require_eddsa_dependency!

  ed_key = Ed25519::SigningKey.generate
  ml_key = Key.generate(ml_dsa_algorithm)

  new(ed25519: ed_key, ml_dsa: ml_key)
end

Instance Method Details

#algorithm ⇒ Object

The ML-DSA algorithm name (e.g., “ML-DSA-65”).

# File 'lib/jwt/pq/hybrid_key.rb', line 45

def algorithm
  @ml_dsa_key.algorithm
end

#destroy! ⇒ Object

Zero and discard private key material from both key components. After calling this, the key can only be used for verification.

# File 'lib/jwt/pq/hybrid_key.rb', line 56

def destroy!
  @ml_dsa_key.destroy!
  if @ed25519_signing_key
    seed = @ed25519_signing_key.to_bytes
    seed.replace("\0" * seed.bytesize)
    @ed25519_signing_key = nil
  end
  true
end

#hybrid_algorithm ⇒ Object

The hybrid algorithm name (e.g., “EdDSA+ML-DSA-65”).

# File 'lib/jwt/pq/hybrid_key.rb', line 50

def hybrid_algorithm
  "EdDSA+#{@ml_dsa_key.algorithm}"
end

#inspect ⇒ Object Also known as: to_s

# File 'lib/jwt/pq/hybrid_key.rb', line 66

def inspect
  "#<#{self.class} algorithm=#{hybrid_algorithm} private=#{private?}>"
end

#private? ⇒ Boolean

Whether both keys have private components (can sign).

Returns:

• (Boolean)

# File 'lib/jwt/pq/hybrid_key.rb', line 40

def private?
  !@ed25519_signing_key.nil? && @ml_dsa_key.private?
end