Class: Linzer::Key Abstract

Inherits:
Object
  • Object
show all
Defined in:
lib/linzer/key.rb,
lib/linzer/key/helper.rb

Overview

This class is abstract.

Subclass and override #sign and #verify to implement a specific cryptographic algorithm.

Abstract base class for cryptographic keys used in HTTP message signatures.

This class provides the common interface for all key types supported by Linzer. Do not instantiate this class directly; use one of the concrete subclasses or the key generation/loading helper methods.

Examples:

Using a concrete key class via helper methods

# Generate a new Ed25519 key pair
key = Linzer.generate_ed25519_key("my-key-id")

# Load an existing RSA-PSS key from PEM
key = Linzer.new_rsa_pss_sha512_key(File.read("private.pem"), "rsa-key")

See Also:

Defined Under Namespace

Modules: Helper

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(material, params = {}) ⇒ Key

Creates a new Key instance.

Parameters:

  • material (OpenSSL::PKey::PKey, String)

    The key material. For asymmetric keys, this is typically an OpenSSL key object. For HMAC, this is the raw secret bytes.

  • params (Hash) (defaults to: {})

    Additional key parameters

Options Hash (params):

  • :id (String)

    The key identifier (keyid) for this key

  • :digest (String)

    The digest algorithm (e.g., “SHA256”, “SHA512”)

Raises:

  • (Error)

    If key material is nil or invalid



37
38
39
40
41
42
43
44
 
# File 'lib/linzer/key.rb', line 37

def initialize(material, params = {})
  @material = material
  @params   = Hash(params).clone.freeze
  validate
  @is_private = compute_private?
  @is_public  = compute_public?
  freeze
end

Instance Attribute Details

#materialObject (readonly)

Returns The underlying key material.

Returns:

  • (Object)

    The underlying key material



47
48
49
 
# File 'lib/linzer/key.rb', line 47

def material
  @material
end

Instance Method Details

#key_idString?

Returns the key identifier.

The key ID is used in the ‘keyid` parameter of HTTP signatures to identify which key was used for signing.

Returns:

  • (String, nil)

    The key identifier, or nil if not set



55
56
57
 
# File 'lib/linzer/key.rb', line 55

def key_id
  @params[:id]
end

#private?Boolean

Checks if this key can be used for signing.

Returns:

  • (Boolean)

    true if the key contains private key material



95
96
97
 
# File 'lib/linzer/key.rb', line 95

def private?
  @is_private
end

#public?Boolean

Checks if this key can be used for signature verification.

Returns:

  • (Boolean)

    true if the key contains public key material



88
89
90
 
# File 'lib/linzer/key.rb', line 88

def public?
  @is_public
end

#sign(*args) ⇒ String

This method is abstract.

Subclasses must override this method.

Signs data using this key.

Parameters:

  • args (Array)

    Implementation-specific arguments (typically data to sign)

Returns:

  • (String)

    The signature bytes

Raises:

  • (Error)

    If called on the abstract base class

  • (SigningError)

    If the key cannot be used for signing



67
68
69
70
 
# File 'lib/linzer/key.rb', line 67

def sign(*args)
  abstract_error = "Cannot sign data, \"#{self.class}\" is an abstract class."
  raise Error, abstract_error
end

#verify(*args) ⇒ Boolean

This method is abstract.

Subclasses must override this method.

Verifies a signature against data using this key.

Parameters:

  • args (Array)

    Implementation-specific arguments (typically signature and data)

Returns:

  • (Boolean)

    true if the signature is valid, false otherwise

Raises:

  • (Error)

    If called on the abstract base class

  • (VerifyError)

    If the key cannot be used for verification



80
81
82
83
 
# File 'lib/linzer/key.rb', line 80

def verify(*args)
  abstract_error = "Cannot verify signature, \"#{self.class}\" is an abstract class."
  raise Error, abstract_error
end