Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’
This adds a new ObjectId to the internal tables. Where object_id is the numerical form, short_name is the short name, and long_name is the long name.
Returns true if successful. Raises an OpenSSL::ASN1::ASN1Error if it fails.
key - the public key to be used for verifying the SPKI signature
Returns true if the signature is valid, false otherwise. To verify an SPKI, the public key contained within the SPKI should be used.
Verifies this request using the given certificates and store. certificates is an array of OpenSSL::X509::Certificate, store is an OpenSSL::X509::Store.
Note that false is returned if the request does not have a signature. Use signed? to check whether the request is signed or not.
Verifies the signature of the response using the given certificates and store. This works in the similar way as OpenSSL::OCSP::Request#verify.
To verify the String signature, digest, an instance of OpenSSL::Digest, must be provided to re-compute the message digest of the original data, also a String. The return value is true if the signature is valid, false otherwise. A PKeyError is raised should errors occur. Any previous state of the Digest instance is irrelevant to the validation outcome, the digest instance is reset to its initial state during the operation.
data = 'Sign me!' digest = OpenSSL::Digest::SHA256.new pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data) pub_key = pkey.public_key puts pub_key.verify(digest, signature, data) # => true
Creates a new DH instance from scratch by generating the private and public components alike.
size is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
generator is a small number > 1, typically 2 or 5.
Creates a new DSA instance by generating a private/public key pair from scratch.
size is an integer representing the desired key size.
Verifies whether the signature is valid given the message digest input. It does so by validating sig using the public key of this DSA instance.
digest is a message digest of the original input data to be signed
sig is a DSA signature value
dsa = OpenSSL::PKey::DSA.new(2048) doc = "Sign me" digest = OpenSSL::Digest::SHA1.digest(doc) sig = dsa.syssign(digest) puts dsa.sysverify(digest, sig) # => true
Creates a new EC instance with a new random private and public key.
Generates an RSA keypair. size is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. exponent is an odd number normally 3, 17, or 65537.
Returns the time at which the session was established.
Sets start time of the session. Time resolution is in seconds.
Returns the timeout value set for the session, in seconds from the established time.
Sets how long until the session expires in seconds.
Sets the store’s purpose to purpose. If specified, the verifications on the store will check every untrusted certificate’s extensions are consistent with the purpose. The purpose is specified by constants:
X509::PURPOSE_SSL_CLIENT
X509::PURPOSE_SSL_SERVER
X509::PURPOSE_NS_SSL_SERVER
X509::PURPOSE_SMIME_SIGN
X509::PURPOSE_SMIME_ENCRYPT
X509::PURPOSE_CRL_SIGN
X509::PURPOSE_ANY
X509::PURPOSE_OCSP_HELPER
X509::PURPOSE_TIMESTAMP_SIGN
Sets the time to be used in verifications.
Performs a certificate verification on the OpenSSL::X509::Certificate cert.
chain can be an array of OpenSSL::X509::Certificate that is used to construct the certificate chain.
If a block is given, it overrides the callback set by verify_callback=.
After finishing the verification, the error information can be retrieved by error, error_string, and the resulting complete certificate chain can be retrieved by chain.