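/*
 * INIT
 *
 * Registers the OpenSSL::PKey module, its error class and the abstract
 * OpenSSL::PKey::PKey base class, then initialises the concrete key
 * types (RSA, DSA, DH, EC).  Called once at extension load time; it
 * takes no arguments, so the prototype is spelled (void) rather than
 * the old-style () that leaves the parameter list unspecified.
 */
void
Init_ossl_pkey(void)
{
#if 0 /* let rdoc know about mOSSL */
    mOSSL = rb_define_module("OpenSSL");
#endif
    mPKey = rb_define_module_under(mOSSL, "PKey");

    /* OpenSSL::PKey::PKeyError derives from eOSSLError. */
    ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);

    /*
     * Abstract base class shared by the concrete key types.
     * #sign takes two arguments, #verify three; #initialize takes none.
     */
    cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
    rb_define_alloc_func(cPKey, ossl_pkey_alloc);
    rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
    rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
    rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);

    /* Interned once here; used elsewhere to ask a key whether it is private. */
    id_private_q = rb_intern("private?");

    /*
     * INIT rsa, dsa, dh, ec
     */
    Init_ossl_rsa();
    Init_ossl_dsa();
    Init_ossl_dh();
    Init_ossl_ec();
}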
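/*
 * INIT
 *
 * Registers the OpenSSL::PKey module, OpenSSL::PKey.read, the PKeyError
 * class and the abstract OpenSSL::PKey::PKey base class, then
 * initialises the concrete key types (RSA, DSA, DH, EC).  The rdoc
 * comments below must stay immediately in front of the rb_define_*
 * call they document.
 */
void
Init_ossl_pkey(void)
{
#if 0
    mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
#endif

    /* Document-module: OpenSSL::PKey
     *
     * == Asymmetric Public Key Algorithms
     *
     * Asymmetric public key algorithms solve the problem of establishing and
     * sharing secret keys to en-/decrypt messages. The key in such an
     * algorithm consists of two parts: a public key that may be distributed
     * to others and a private key that needs to remain secret.
     *
     * Messages encrypted with a public key can only be decrypted by
     * recipients that are in possession of the associated private key.
     * Since public key algorithms are considerably slower than symmetric
     * key algorithms (cf. OpenSSL::Cipher) they are often used to establish
     * a symmetric key shared between two parties that are in possession of
     * each other's public key.
     *
     * Asymmetric algorithms offer a lot of nice features that are used in a
     * lot of different areas. A very common application is the creation and
     * validation of digital signatures. To sign a document, the signatory
     * generally uses a message digest algorithm (cf. OpenSSL::Digest) to
     * compute a digest of the document that is then signed using the
     * private key. Anyone in possession of the public key may then verify
     * the signature by computing the message digest of the original
     * document on their own and checking, with the signatory's public key,
     * that the signature matches that digest. The signature is valid if
     * and only if this check succeeds. (Describing signing as "encrypting
     * the digest with the private key" is an RSA-specific simplification;
     * DSA and EC signatures are not encryptions of anything.)
     *
     * The PKey module offers support for three popular public/private key
     * algorithms:
     * * RSA (OpenSSL::PKey::RSA)
     * * DSA (OpenSSL::PKey::DSA)
     * * Elliptic Curve Cryptography (OpenSSL::PKey::EC)
     * Each of these implementations is in fact a sub-class of the abstract
     * PKey class which offers the interface for supporting digital signatures
     * in the form of PKey#sign and PKey#verify.
     *
     * == Diffie-Hellman Key Exchange
     *
     * Finally PKey also features OpenSSL::PKey::DH, an implementation of
     * the Diffie-Hellman key exchange protocol based on discrete logarithms
     * in finite fields, the same basis that DSA is built on.
     * The Diffie-Hellman protocol can be used to exchange (symmetric) keys
     * over insecure channels without needing any prior joint knowledge
     * between the participating parties. Note that DH by itself does not
     * authenticate the participants: unless the exchanged public values
     * are verified by some other means (signatures, certificates, a
     * pre-shared secret), an active attacker between the parties can
     * negotiate a separate key with each of them. As the security of DH
     * demands relatively long "public keys" (i.e. the part that is overtly
     * transmitted between participants) DH tends to be quite slow. If
     * security or speed is your primary concern, OpenSSL::PKey::EC offers
     * another implementation of the Diffie-Hellman protocol.
     *
     */
    mPKey = rb_define_module_under(mOSSL, "PKey");

    /* Document-class: OpenSSL::PKey::PKeyError
     *
     *Raised when errors occur during PKey#sign or PKey#verify.
     */
    ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);

    /* Document-class: OpenSSL::PKey::PKey
     *
     * An abstract class that bundles signature creation (PKey#sign) and
     * validation (PKey#verify) that is common to all implementations except
     * OpenSSL::PKey::DH
     * * OpenSSL::PKey::RSA
     * * OpenSSL::PKey::DSA
     * * OpenSSL::PKey::EC
     */
    cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);

    /*
     * OpenSSL::PKey.read — variadic module function backed by
     * ossl_pkey_new_from_data; by its name it builds a key object from
     * serialized key material (exact accepted formats live in that function).
     */
    rb_define_module_function(mPKey, "read", ossl_pkey_new_from_data, -1);

    /* #sign takes two arguments, #verify three; #initialize takes none. */
    rb_define_alloc_func(cPKey, ossl_pkey_alloc);
    rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
    rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
    rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);

    /* Interned once here; used elsewhere to ask a key whether it is private. */
    id_private_q = rb_intern("private?");

    /*
     * INIT rsa, dsa, dh, ec
     */
    Init_ossl_rsa();
    Init_ossl_dsa();
    Init_ossl_dh();
    Init_ossl_ec();
}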