Encrypt string with the public key. padding defaults to PKCS1_PADDING, which is known to be insecure but is kept for backwards compatibility. The encrypted string output can be decrypted using private_decrypt.
Deprecated in version 3.0. Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
Decrypt string, which has been encrypted with the public key, with the private key. padding defaults to PKCS1_PADDING, which is known to be insecure but is kept for backwards compatibility.
Deprecated in version 3.0. Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
Serializes a private or public key to a DER-encoding.
See to_pem for details.
This method is kept for compatibility. This should only be used when the PKCS #1 RSAPrivateKey format is required.
Consider using public_to_der or private_to_der instead.
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true if the signature is valid, false otherwise. RSAError will be raised if an error occurs.
See sign_pss for the signing operation and an example code.
A String containing the message digest algorithm name.
A String. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest means the digest length, and :auto means automatically determining the length based on the signature.
The hash algorithm used in MGF1.
Sets n, e, d for the RSA instance.
Returns the security level for the context.
See also OpenSSL::SSL::SSLContext#security_level=.
Sets the security level for the context. OpenSSL limits parameters according to the level. The “parameters” include: ciphersuites, curves, key sizes, certificate signature algorithms, protocol version and so on. For example, level 1 rejects parameters offering below 80 bits of security, such as ciphersuites using MD5 for the MAC or RSA keys shorter than 1024 bits.
Note that attempts to set such parameters with insufficient security are also blocked. You need to lower the level first.
This feature is not supported in OpenSSL < 1.1.0, and setting the level to other than 0 will raise NotImplementedError. Level 0 means everything is permitted, the same behavior as previous versions of OpenSSL.
See the manpage of SSL_CTX_set_security_level(3) for details.
A non-blocking version of sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.
Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
Returns the protocol string that was finally selected by the client during the handshake.
Converts the name to DER encoding
Returns the human readable error string corresponding to the error code retrieved by error.
See also the man page X509_verify_cert_error_string(3).
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
Encodes this ASN1Data into a DER-encoded String value. The result is DER-encoded except for the possibility of indefinite length forms. Indefinite length forms are not allowed in strict DER, so strictly speaking the result of such an encoding would be a BER-encoding.