Gets the right public key from a PKey instance
Returns a new DH instance that carries just the public information, i.e. the prime p and the generator g, but no public/private key yet. Such a pair may be generated using DH#generate_key!. The “public key” needed for a key exchange with DH#compute_key is considered as per-session information and may be retrieved with DH#pub_key once a key pair has been generated. If the current instance already contains private information (and thus a valid public/private key pair), this information will no longer be present in the new instance generated by DH#public_key. This feature is helpful for publishing the Diffie-Hellman parameters without leaking any of the private per-session information.
dh = OpenSSL::PKey::DH.new(2048) # has public and private key set public_key = dh.public_key # contains only prime and generator parameters = public_key.to_der # it's safe to publish this
Returns a new DSA instance that carries just the public key information. If the current instance has also private key information, this will no longer be present in the new instance. This feature is helpful for publishing the public key information without leaking any of the private information.
dsa = OpenSSL::PKey::DSA.new(2048) # has public and private information pub_key = dsa.public_key # has only the public part available pub_key_der = pub_key.to_der # it's safe to publish this
See the OpenSSL documentation for EC_KEY_get0_public_key()
See the OpenSSL documentation for EC_KEY_set_public_key()
Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with EC#public_key.
Makes new RSA instance containing the public key from the private key.
Encrypt string with the public key. padding defaults to PKCS1_PADDING. The encrypted string output can be decrypted using private_decrypt.
Decrypt string, which has been encrypted with the private key, with the public key. padding defaults to PKCS1_PADDING.
Adds a certificate to the context. pkey must be a corresponding private key with certificate.
Multiple certificates with different public key type can be added by repeated calls of this method, and OpenSSL will choose the most appropriate certificate during the handshake.
cert=, key=, and extra_chain_cert= are old accessor methods for setting certificate and internally call this method.
A certificate. An instance of OpenSSL::X509::Certificate.
The private key for certificate. An instance of OpenSSL::PKey::PKey.
Optional. An array of OpenSSL::X509::Certificate. When sending a certificate chain, the certificates specified by this are sent following certificate, in the order in the array.
rsa_cert = OpenSSL::X509::Certificate.new(...) rsa_pkey = OpenSSL::PKey.read(...) ca_intermediate_cert = OpenSSL::X509::Certificate.new(...) ctx.add_certificate(rsa_cert, rsa_pkey, [ca_intermediate_cert]) ecdsa_cert = ... ecdsa_pkey = ... another_ca_cert = ... ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert])
OpenSSL before the version 1.0.2 could handle only one extra chain across all key types. Calling this method discards the chain set previously.
Returns the public key associated with the SPKI, an instance of OpenSSL::PKey.
pub - the public key to be set for this instance
Sets the public key to be associated with the SPKI, an instance of OpenSSL::PKey. This should be the public key corresponding to the private key used for signing the SPKI.
If the Request specified to request the TSA certificate (Request#cert_requested = true), then this field contains the certificate of the timestamp authority.
Returns the timestamp policy object identifier of the policy this timestamp was created under. If status is GRANTED or GRANTED_WITH_MODS, this is never nil.
id = token_info.policy_id puts id -> "1.2.3.4.5"
Allows to set the object identifier that represents the timestamp policy under which the server shall create the timestamp. This may be left nil, implying that the timestamp server will issue the timestamp using some default policy.
request.policy_id = "1.2.3.4.5"
Returns the ‘short name’ of the object identifier that represents the timestamp policy under which the server shall create the timestamp.