Class: PQCrypto::Signature::SecretKey

Inherits:

Object

• Object
• PQCrypto::Signature::SecretKey

Defined in:

lib/pq_crypto/signature.rb

Instance Attribute Summary

• #algorithm ⇒ Object readonly

  Returns the value of attribute algorithm.

Class Method Summary

• .from_seed(algorithm, seed) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?)
• #hash ⇒ Object
• #initialize(algorithm, bytes, seed: nil) ⇒ SecretKey constructor

  A new instance of SecretKey.

• #inspect ⇒ Object
• #sign(message, context: "".b) ⇒ Object
• #sign_io(io, chunk_size: 1 << 20, context: "".b) ⇒ Object
• #to_bytes ⇒ Object
• #to_pkcs8_der(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS) ⇒ Object
• #to_pkcs8_pem(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS) ⇒ Object
• #to_pqc_container_der ⇒ Object
• #to_pqc_container_pem ⇒ Object
• #wipe! ⇒ Object

Constructor Details

#initialize(algorithm, bytes, seed: nil) ⇒ SecretKey

Returns a new instance of SecretKey.

# File 'lib/pq_crypto/signature.rb', line 346

def initialize(algorithm, bytes, seed: nil)
  @algorithm = algorithm
  @bytes = String(bytes).b
  @seed = seed.nil? ? nil : String(seed).b
  validate_length!
  validate_seed_length! if @seed
end

Instance Attribute Details

#algorithm ⇒ Object (readonly)

Returns the value of attribute algorithm.

# File 'lib/pq_crypto/signature.rb', line 344

def algorithm
  @algorithm
end

Class Method Details

.from_seed(algorithm, seed) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 354

def self.from_seed(algorithm, seed)
  seed_bytes = String(seed).b
  _public_key, expanded = PQCrypto.__send__(Signature.send(:native_method_for, algorithm, :keypair_from_seed), seed_bytes)
  new(algorithm, expanded, seed: seed_bytes)
rescue ArgumentError => e
  raise InvalidKeyError, e.message
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

# File 'lib/pq_crypto/signature.rb', line 423

def ==(other)
  return false unless other.is_a?(SecretKey) && other.algorithm == algorithm
  PQCrypto.__send__(:native_ct_equals, other.send(:bytes_for_native), @bytes)
end

#hash ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 430

def hash
  object_id.hash
end

#inspect ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 434

def inspect
  "#<#{self.class}:0x#{object_id.to_s(16)} algorithm=#{algorithm.inspect}>"
end

#sign(message, context: "".b) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 404

def sign(message, context: "".b)
  context = Signature.send(:validate_context!, context)
  begin
    PQCrypto.__send__(Signature.send(:native_method_for, @algorithm, :sign), String(message).b, @bytes, context)
  rescue ArgumentError => e
    raise InvalidKeyError, e.message
  end
end

#sign_io(io, chunk_size: 1 << 20, context: "".b) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 413

def sign_io(io, chunk_size: 1 << 20, context: "".b)
  Signature.send(:_streaming_sign, self, io, chunk_size, context)
end

#to_bytes ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 362

def to_bytes
  @bytes.dup
end

#to_pkcs8_der(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 374

def to_pkcs8_der(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS)
  case format
  when :expanded
    PKCS8.encode_der(@algorithm, @bytes, format: :expanded, passphrase: passphrase, iterations: iterations)
  when :seed
    ensure_seed_available!(format)
    PKCS8.encode_der(@algorithm, @seed, format: :seed, passphrase: passphrase, iterations: iterations)
  when :both
    ensure_seed_available!(format)
    PKCS8.encode_der(@algorithm, [@seed, @bytes], format: :both, passphrase: passphrase, iterations: iterations)
  else
    raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
  end
end

#to_pkcs8_pem(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS) ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 389

def to_pkcs8_pem(format: :expanded, passphrase: nil, iterations: PKCS8::ENCRYPTED_PKCS8_DEFAULT_ITERATIONS)
  case format
  when :expanded
    PKCS8.encode_pem(@algorithm, @bytes, format: :expanded, passphrase: passphrase, iterations: iterations)
  when :seed
    ensure_seed_available!(format)
    PKCS8.encode_pem(@algorithm, @seed, format: :seed, passphrase: passphrase, iterations: iterations)
  when :both
    ensure_seed_available!(format)
    PKCS8.encode_pem(@algorithm, [@seed, @bytes], format: :both, passphrase: passphrase, iterations: iterations)
  else
    raise SerializationError, "Unsupported PKCS#8 private key format: #{format.inspect}"
  end
end

#to_pqc_container_der ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 366

def to_pqc_container_der
  Serialization.secret_key_to_pqc_container_der(@algorithm, @bytes)
end

#to_pqc_container_pem ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 370

def to_pqc_container_pem
  Serialization.secret_key_to_pqc_container_pem(@algorithm, @bytes)
end

#wipe! ⇒ Object

# File 'lib/pq_crypto/signature.rb', line 417

def wipe!
  PQCrypto.secure_wipe(@bytes)
  PQCrypto.secure_wipe(@seed) if @seed
  self
end