Class: PQCrypto::Signature::SecretKey

Inherits:

Object

• Object
• PQCrypto::Signature::SecretKey

Defined in:

lib/pq_crypto/signature.rb

Instance Attribute Summary

• #algorithm ⇒ Object readonly

  Returns the value of attribute algorithm.

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?)
• #hash ⇒ Object
• #initialize(algorithm, bytes) ⇒ SecretKey constructor

  A new instance of SecretKey.

• #inspect ⇒ Object
• #sign(message) ⇒ Object
• #sign_io(io, chunk_size: 1 << 20, context: "".b) ⇒ Object
• #to_bytes ⇒ Object
• #to_pkcs8_der(format: :expanded) ⇒ Object
• #to_pkcs8_pem(format: :expanded) ⇒ Object
• #to_pqc_container_der ⇒ Object
• #to_pqc_container_pem ⇒ Object
• #wipe! ⇒ Object

Constructor Details

#initialize(algorithm, bytes) ⇒ SecretKey

Returns a new instance of SecretKey.

# File 'lib/pq_crypto/signature.rb', line 330

def initialize(algorithm, bytes)
  @algorithm = algorithm
  @bytes = String(bytes).b
  validate_length!
end

Instance Attribute Details

#algorithm ⇒ Object (readonly)

Returns the value of attribute algorithm.

# File 'lib/pq_crypto/signature.rb', line 328

def algorithm
  @algorithm
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

# File 'lib/pq_crypto/signature.rb', line 387

def ==(other)
  return false unless other.is_a?(SecretKey) && other.algorithm == algorithm
  PQCrypto.__send__(:native_ct_equals, other.to_bytes, @bytes)
end

#hash ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 394

def hash
  object_id.hash
end

#inspect ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 398

def inspect
  "#<#{self.class}:0x#{object_id.to_s(16)} algorithm=#{algorithm.inspect}>"
end

#sign(message) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 372

def sign(message)
  PQCrypto.__send__(Signature.send(:native_method_for, @algorithm, :sign), String(message).b, @bytes)
rescue ArgumentError => e
  raise InvalidKeyError, e.message
end

#sign_io(io, chunk_size: 1 << 20, context: "".b) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 378

def sign_io(io, chunk_size: 1 << 20, context: "".b)
  Signature.send(:_streaming_sign, self, io, chunk_size, context)
end

#to_bytes ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 336

def to_bytes
  @bytes.dup
end

#to_pkcs8_der(format: :expanded) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 348

def to_pkcs8_der(format: :expanded)
  case format
  when :expanded
    PKCS8.encode_der(@algorithm, @bytes, format: :expanded)
  when :seed, :both
    raise SerializationError,
          "ML-DSA seed/both PKCS#8 export requires original seed material; use PQCrypto::PKCS8.encode_der/encode_pem directly"
  else
    raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
  end
end

#to_pkcs8_pem(format: :expanded) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 360

def to_pkcs8_pem(format: :expanded)
  case format
  when :expanded
    PKCS8.encode_pem(@algorithm, @bytes, format: :expanded)
  when :seed, :both
    raise SerializationError,
          "ML-DSA seed/both PKCS#8 export requires original seed material; use PQCrypto::PKCS8.encode_der/encode_pem directly"
  else
    raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
  end
end

#to_pqc_container_der ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 340

def to_pqc_container_der
  Serialization.secret_key_to_pqc_container_der(@algorithm, @bytes)
end

#to_pqc_container_pem ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 344

def to_pqc_container_pem
  Serialization.secret_key_to_pqc_container_pem(@algorithm, @bytes)
end

#wipe! ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 382

def wipe!
  PQCrypto.secure_wipe(@bytes)
  self
end