To verify the String signature, digest, an instance of OpenSSL::Digest, must be provided to re-compute the message digest of the original data, also a String. The return value is true if the signature is valid, false otherwise. A PKeyError is raised should errors occur. Any previous state of the Digest instance is irrelevant to the validation outcome, the digest instance is reset to its initial state during the operation.
data = 'Sign me!' digest = OpenSSL::Digest.new('SHA256') pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data) pub_key = pkey.public_key puts pub_key.verify(digest, signature, data) # => true
Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate and by checking conformance to a given Request. Mandatory parameters are the Request associated to this Response, and an OpenSSL::X509::Store of trusted roots.
Intermediate certificates can optionally be supplied for creating the certificate chain. These intermediate certificates must all be instances of OpenSSL::X509::Certificate.
If validation fails, several kinds of exceptions can be raised:
TypeError if types don’t fit
TimestampError if something is wrong with the timestamp token itself, if it is not conformant to the Request, or if validation of the timestamp certificate chain fails.
Returns the version number of the token info. With compliant servers, this value should be 1 if present. If status is GRANTED or GRANTED_WITH_MODS.
If the ordering field is missing, or if the ordering field is present and set to false, then the genTime field only indicates the time at which the time-stamp token has been created by the TSA. In such a case, the ordering of time-stamp tokens issued by the same TSA or different TSAs is only possible when the difference between the genTime of the first time-stamp token and the genTime of the second time-stamp token is greater than the sum of the accuracies of the genTime for each time-stamp token.
If the ordering field is present and set to true, every time-stamp token from the same TSA can always be ordered based on the genTime field, regardless of the genTime accuracy.
Sets the version number for this Request. This should be 1 for compliant servers.
Returns the version of this request. 1 is the default value.
Performs a certificate verification on the OpenSSL::X509::Certificate cert.
chain can be an array of OpenSSL::X509::Certificate that is used to construct the certificate chain.
If a block is given, it overrides the callback set by verify_callback=.
After finishing the verification, the error information can be retrieved by error, error_string, and the resulting complete certificate chain can be retrieved by chain.
Predefined keys cannot be closed
Update and close the session’s FileStore file.
Update and close the session’s PStore file.
Returns true if the directory may be entered by CWD/CDUP.
Returns true if the objects in the directory may be deleted, or the directory may be purged.
The first line of the human readable reply text