Returns the PEM encoding of this SPKI.
Returns a textual representation of this SPKI, useful for debugging purposes.
Returns this request as a DER-encoded string.
Returns this response as a DER-encoded string.
Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array of OpenSSL::X509::Extension to be included in the SingleResponse. This is also optional.
Note that the times, revocation_time, this_update and next_update, can be specified as either an Integer or a Time object. If they are Integer, they are treated as seconds relative to the current time.
Returns a SingleResponse whose CertId matches with certificate_id, or nil if this BasicResponse does not contain it.
Encodes this basic response into a DER-encoded string.
Returns the status of the certificate identified by the certid. The return value may be one of these constants:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time.
Encodes this SingleResponse into a DER-encoded string.
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
Encodes this certificate identifier into a DER-encoded string.
Prints all parameters of key to buffer. INSECURE: PRIVATE INFORMATION CAN LEAK OUT!!! Don’t use :-)) (It’s up to you)
Encodes this DH to its DER encoding. Note that any existing per-session public/private keys will not get encoded, just the Diffie-Hellman parameters will be encoded.
Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will not get encoded, just the Diffie-Hellman parameters will be encoded.
Prints all parameters of key to buffer. INSECURE: PRIVATE INFORMATION CAN LEAK OUT!!! Don’t use :-)) (It’s up to you)
Encodes this DSA to its DER encoding.
Encodes this DSA to its PEM encoding.
cipher is an OpenSSL::Cipher.
password is a string containing your password.
  DSA.to_pem -> aString
  DSA.to_pem(cipher, 'mypassword') -> aString
See the OpenSSL documentation for i2d_ECPrivateKey_bio()
See the OpenSSL documentation for EC_KEY_print()
Outputs the EC key in PEM encoding. If cipher and pass_phrase are given they will be used to encrypt the key. cipher must be an OpenSSL::Cipher instance. Note that encryption will only be effective for a private key; public keys will always be encoded in plain text.
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Dumps all parameters of a keypair to a String
Don’t use :-)) (It’s up to you)
Outputs this keypair in DER encoding.
Signs data using the Probabilistic Signature Scheme (RSA-PSS) and returns the calculated signature.
RSAError will be raised if an error occurs.
See verify_pss for the verification operation.
A String containing the message digest algorithm name.
A String. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest means the digest length, and :max means the maximum possible length for the combination of the private key and the selected message digest algorithm.
The hash algorithm used in MGF1 (the currently supported mask generation function (MGF)).
  require "openssl"
  data = "Sign me!"
  pkey = OpenSSL::PKey::RSA.new(2048)
  signature = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
  pub_key = pkey.public_key
  puts pub_key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256") # => true
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true if the signature is valid, false otherwise. RSAError will be raised if an error occurs.
See sign_pss for the signing operation and example code.
A String containing the message digest algorithm name.
A String. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest means the digest length, and :auto means automatically determining the length based on the signature.
The hash algorithm used in MGF1.
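How the verifier's salt_length and mgf1_hash interact with the values used by sign_pss, as an added example that is not part of the original documentation. It shows that a verifier which pins salt_length rejects signatures made with a different salt length, while :auto accepts either. pss_verification_matrix is a hypothetical helper name and the message is a constructed sample.

```ruby
require "openssl"

# Added example: checks RSA-PSS signatures under several verifier settings.
# pss_verification_matrix is a hypothetical helper, not part of the OpenSSL API.
def pss_verification_matrix(bits: 2048)
  data = "Sign me!"                     # constructed sample message
  pkey = OpenSSL::PKey::RSA.new(bits)   # fresh throwaway key pair
  pub  = pkey.public_key

  # Salt as long as the digest output (32 octets for SHA256).
  sig_digest = pkey.sign_pss("SHA256", data, salt_length: :digest, mgf1_hash: "SHA256")
  # Longest salt the key size and digest allow.
  sig_max = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")

  check = lambda do |sig, msg, salt, mgf|
    pub.verify_pss("SHA256", sig, msg, salt_length: salt, mgf1_hash: mgf)
  end

  {
    # Verifier pins the salt length the signer used.
    digest_salt_pinned:  check.call(sig_digest, data, :digest, "SHA256"),
    # The same length given explicitly in octets.
    digest_salt_integer: check.call(sig_digest, data, 32, "SHA256"),
    # :auto recovers the salt length from the signature itself.
    digest_salt_auto:    check.call(sig_digest, data, :auto, "SHA256"),
    max_salt_auto:       check.call(sig_max, data, :auto, "SHA256"),
    # Pinned verifier rejects a signature made with a different salt length.
    max_salt_pinned:     check.call(sig_max, data, :digest, "SHA256"),
    # Any change to the signed data invalidates the signature.
    tampered_data:       check.call(sig_digest, data + "!", :digest, "SHA256"),
    # The MGF1 hash must match the one used when signing.
    wrong_mgf1_hash:     check.call(sig_digest, data, :digest, "SHA512"),
  }
end

if __FILE__ == $PROGRAM_NAME
  pss_verification_matrix.each { |name, ok| puts "#{name}: #{ok}" }
end
```

A verifier that knows the signer's parameters can pin salt_length and mgf1_hash so that only signatures produced with exactly those parameters are accepted.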