Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’
This adds a new ObjectId
to the internal tables. Where object_id is the numerical form, short_name is the short name, and long_name is the long name.
Returns true
if successful. Raises an OpenSSL::ASN1::ASN1Error
if it fails.
key - the public key to be used for verifying the SPKI
signature
Returns true
if the signature is valid, false
otherwise. To verify an SPKI
, the public key contained within the SPKI
should be used.
Returns the challenge string associated with this SPKI
.
str - the challenge string to be set for this instance
Sets the challenge to be associated with the SPKI
. May be used by the server, e.g. to prevent replay.
Returns all certificate IDs in this request.
Verifies this request using the given certificates and store. certificates is an array of OpenSSL::X509::Certificate
, store is an OpenSSL::X509::Store
.
Note that false
is returned if the request does not have a signature. Use signed?
to check whether the request is signed or not.
Verifies the signature of the response using the given certificates and store. This works in the similar way as OpenSSL::OCSP::Request#verify
.
Returns the CertificateId
for which this SingleResponse
is.
Returns the serial number of the certificate for which status is being requested.
To verify the String
signature, digest, an instance of OpenSSL::Digest
, must be provided to re-compute the message digest of the original data, also a String
. The return value is true
if the signature is valid, false
otherwise. A PKeyError
is raised should errors occur. Any previous state of the Digest
instance is irrelevant to the validation outcome, the digest instance is reset to its initial state during the operation.
data = 'Sign me!' digest = OpenSSL::Digest::SHA256.new pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data) pub_key = pkey.public_key puts pub_key.verify(digest, signature, data) # => true
Verifies whether the signature is valid given the message digest input. It does so by validating sig using the public key of this DSA
instance.
digest is a message digest of the original input data to be signed
sig is a DSA
signature value
dsa = OpenSSL::PKey::DSA.new(2048) doc = "Sign me" digest = OpenSSL::Digest::SHA1.digest(doc) sig = dsa.syssign(digest) puts dsa.sysverify(digest, sig) # => true
Performs a certificate verification on the OpenSSL::X509::Certificate
cert.
chain can be an array of OpenSSL::X509::Certificate
that is used to construct the certificate chain.
If a block is given, it overrides the callback set by verify_callback=
.
After finishing the verification, the error information can be retrieved by error
, error_string
, and the resulting complete certificate chain can be retrieved by chain
.