Class: Linzer::RSAPSS::Key

Inherits:

Key

Object
Key
Linzer::RSAPSS::Key

show all

Defined in:: lib/linzer/rsa_pss.rb

Overview

Note:

RSA-PSS signatures are non-deterministic due to random salt. The same data signed twice will produce different signatures, but both will verify successfully.

RSA-PSS signing key implementation.

Uses the ‘rsa-pss-sha512` algorithm identifier with a 64-byte salt.

Examples:

Generating a new key

key = Linzer.generate_rsa_pss_sha512_key(2048, "my-key")

Loading from PEM

key = Linzer.new_rsa_pss_sha512_key(File.read("rsa_pss.pem"), "key-1")

Instance Attribute Summary

Attributes inherited from Key

#material

Instance Method Summary collapse

#sign(data) ⇒ String

Signs data using RSA-PSS.
#validate ⇒ Object private
#verify(signature, data) ⇒ Boolean

Verifies an RSA-PSS signature.

Methods inherited from Key

#initialize, #key_id, #private?, #public?

Constructor Details

This class inherits a constructor from Linzer::Key

Instance Method Details

#sign(data) ⇒ `String`

Note:

The signature is non-deterministic due to random PSS salt.

Signs data using RSA-PSS.

Parameters:

data (String) —

The data to sign

Returns:

(String) —

The RSA-PSS signature

Raises:

(SigningError) —

If this key does not contain private key material

# File 'lib/linzer/rsa_pss.rb', line 47

def sign(data)
  validate_signing_key
  material.sign(@params[:digest], data, signature_options)
end

#validate ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/linzer/rsa_pss.rb', line 35

def validate
  super
  validate_digest
end

#verify(signature, data) ⇒ `Boolean`

Verifies an RSA-PSS signature.