/*
* INIT
*/
void
Init_ossl_pkey()
{
#if 0 /* let rdoc know about mOSSL */
mOSSL = rb_define_module("OpenSSL");
#endif
mPKey = rb_define_module_under(mOSSL, "PKey");
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
rb_define_alloc_func(cPKey, ossl_pkey_alloc);
rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);
id_private_q = rb_intern("private?");
/*
* INIT rsa, dsa, dh, ec
*/
Init_ossl_rsa();
Init_ossl_dsa();
Init_ossl_dh();
Init_ossl_ec();
}
/*
* INIT
*/
void
Init_ossl_pkey(void)
{
#if 0
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
#endif
/* Document-module: OpenSSL::PKey
*
* == Asymmetric Public Key Algorithms
*
* Asymmetric public key algorithms solve the problem of establishing and
* sharing secret keys to en-/decrypt messages. The key in such an
* algorithm consists of two parts: a public key that may be distributed
* to others and a private key that needs to remain secret.
*
* Messages encrypted with a public key can only be encrypted by
* recipients that are in possession of the associated private key.
* Since public key algorithms are considerably slower than symmetric
* key algorithms (cf. OpenSSL::Cipher) they are often used to establish
* a symmetric key shared between two parties that are in possession of
* each other's public key.
*
* Asymmetric algorithms offer a lot of nice features that are used in a
* lot of different areas. A very common application is the creation and
* validation of digital signatures. To sign a document, the signatory
* generally uses a message digest algorithm (cf. OpenSSL::Digest) to
* compute a digest of the document that is then encrypted (i.e. signed)
* using the private key. Anyone in possession of the public key may then
* verify the signature by computing the message digest of the original
* document on their own, decrypting the signature using the signatory's
* public key and comparing the result to the message digest they
* previously computed. The signature is valid if and only if the
* decrypted signature is equal to this message digest.
*
* The PKey module offers support for three popular public/private key
* algorithms:
* * RSA (OpenSSL::PKey::RSA)
* * DSA (OpenSSL::PKey::DSA)
* * Elliptic Curve Cryptography (OpenSSL::PKey::EC)
* Each of these implementations is in fact a sub-class of the abstract
* PKey class which offers the interface for supporting digital signatures
* in the form of PKey#sign and PKey#verify.
*
* == Diffie-Hellman Key Exchange
*
* Finally PKey also features OpenSSL::PKey::DH, an implementation of
* the Diffie-Hellman key exchange protocol based on discrete logarithms
* in finite fields, the same basis that DSA is built on.
* The Diffie-Hellman protocol can be used to exchange (symmetric) keys
* over insecure channels without needing any prior joint knowledge
* between the participating parties. As the security of DH demands
* relatively long "public keys" (i.e. the part that is overtly
* transmitted between participants) DH tends to be quite slow. If
* security or speed is your primary concern, OpenSSL::PKey::EC offers
* another implementation of the Diffie-Hellman protocol.
*
*/
mPKey = rb_define_module_under(mOSSL, "PKey");
/* Document-class: OpenSSL::PKey::PKeyError
*
*Raised when errors occur during PKey#sign or PKey#verify.
*/
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
/* Document-class: OpenSSL::PKey::PKey
*
* An abstract class that bundles signature creation (PKey#sign) and
* validation (PKey#verify) that is common to all implementations except
* OpenSSL::PKey::DH
* * OpenSSL::PKey::RSA
* * OpenSSL::PKey::DSA
* * OpenSSL::PKey::EC
*/
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
rb_define_module_function(mPKey, "read", ossl_pkey_new_from_data, -1);
rb_define_alloc_func(cPKey, ossl_pkey_alloc);
rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);
id_private_q = rb_intern("private?");
/*
* INIT rsa, dsa, dh, ec
*/
Init_ossl_rsa();
Init_ossl_dsa();
Init_ossl_dh();
Init_ossl_ec();
}
