Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’
This adds a new ObjectId to the internal tables. Where object_id is the numerical form, short_name is the short name, and long_name is the long name.
Returns true if successful. Raises an OpenSSL::ASN1::ASN1Error if it fails.
key - the public key to be used for verifying the SPKI signature
Returns true if the signature is valid, false otherwise. To verify an SPKI, the public key contained within the SPKI should be used.
Verifies this request using the given certificates and store. certificates is an array of OpenSSL::X509::Certificate, store is an OpenSSL::X509::Store.
Note that false is returned if the request does not have a signature. Use signed? to check whether the request is signed or not.
Verifies the signature of the response using the given certificates and store. This works in the similar way as OpenSSL::OCSP::Request#verify.
Verifies the signature for the data using a message digest algorithm digest and a public key pkey.
Returns true if the signature is successfully verified, false otherwise. The caller must check the return value.
See sign for the signing operation and an example.
See also the man page EVP_DigestVerify(3).
Derives a shared secret from pkey and peer_pkey. pkey must contain the private components, peer_pkey must contain the public components.
Performs a public key encryption operation using pkey.
See decrypt for the reverse operation.
Added in version 3.0. See also the man page EVP_PKEY_encrypt(3).
dataA String to be encrypted.
optionsA Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.
Example:
pkey = OpenSSL::PKey.generate_key("RSA", rsa_keygen_bits: 2048) data = "secret data" encrypted = pkey.encrypt(data, rsa_padding_mode: "oaep") decrypted = pkey.decrypt(data, rsa_padding_mode: "oaep") p decrypted #=> "secret data"
Performs a public key decryption operation using pkey.
See encrypt for a description of the parameters and an example.
Added in version 3.0. See also the man page EVP_PKEY_decrypt(3).
Returns the time at which the session was established.
Sets start time of the session. Time resolution is in seconds.
Returns the timeout value set for the session, in seconds from the established time.
Sets how long until the session expires in seconds.
Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate and by checking conformance to a given Request. Mandatory parameters are the Request associated to this Response, and an OpenSSL::X509::Store of trusted roots.
Intermediate certificates can optionally be supplied for creating the certificate chain. These intermediate certificates must all be instances of OpenSSL::X509::Certificate.
If validation fails, several kinds of exceptions can be raised:
TypeError if types don’t fit
TimestampError if something is wrong with the timestamp token itself, if it is not conformant to the Request, or if validation of the timestamp certificate chain fails.
If the ordering field is missing, or if the ordering field is present and set to false, then the genTime field only indicates the time at which the time-stamp token has been created by the TSA. In such a case, the ordering of time-stamp tokens issued by the same TSA or different TSAs is only possible when the difference between the genTime of the first time-stamp token and the genTime of the second time-stamp token is greater than the sum of the accuracies of the genTime for each time-stamp token.
If the ordering field is present and set to true, every time-stamp token from the same TSA can always be ordered based on the genTime field, regardless of the genTime accuracy.
If the timestamp token is valid then this field contains the same nonce that was passed to the timestamp server in the initial Request.
Sets the nonce (number used once) that the server shall include in its response. If the nonce is set, the server must return the same nonce value in a valid Response.
Returns the nonce (number used once) that the server shall include in its response.
Sets the store’s default verification purpose. If specified, the verifications on the store will check every certificate’s extensions are consistent with the purpose. The purpose is specified by constants:
X509::PURPOSE_SSL_CLIENT
X509::PURPOSE_SSL_SERVER
X509::PURPOSE_NS_SSL_SERVER
X509::PURPOSE_SMIME_SIGN
X509::PURPOSE_SMIME_ENCRYPT
X509::PURPOSE_CRL_SIGN
X509::PURPOSE_ANY
X509::PURPOSE_OCSP_HELPER
X509::PURPOSE_TIMESTAMP_SIGN
OpenSSL::X509::StoreContext#purpose= can be used to change the value for a single verification operation.
See also the man page X509_VERIFY_PARAM_set_purpose(3).
Sets the time to be used in the certificate verifications with the store. By default, if not specified, the current system time is used.
OpenSSL::X509::StoreContext#time= can be used to change the value for a single verification operation.
See also the man page X509_VERIFY_PARAM_set_time(3).