Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382

Merged
merged 6 commits into from
May 25, 2021

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Jun 30, 2020

Applies on top of #374 (first two commits in this PR).

This implements the rest of #370.


pkey: implement PKey#encrypt and #decrypt

Support public key encryption and decryption operations using the EVP
API.


pkey: update version reference in #sign and #verify documentation

The next release is decided to be 3.0 rather than 2.3.


pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover

Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.


pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API

Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.

Also, recommend using those generic methods in the documentation.


pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with PKey#{sign,verify}_raw

With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.


pkey/dsa: refactor DSA#sys{sign,verify} with PKey#{sign,verify}_raw

With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.

@sahanaprasad07
Copy link

@rhenium Hello! OpenSSL 3.0 beta1 is expected to be released on June 30th [1]
Would this MR be merged after that?
Or is there any plan/possibility of it being merged earlier than the beta release?
Thank you!

[1] https://github.com/openssl/openssl/milestone/17

@rhenium
Copy link
Member Author

rhenium commented Apr 15, 2021

@rhenium Hello! OpenSSL 3.0 beta1 is expected to be released on June 30th [1]

OpenSSL 3.0 support requires more work than this, please also see #369 and #399.

I'm not planning to release a version of ruby-openssl claiming to fully support OpenSSL 3.0.0 before it's actually tagged. They have a history of changing public API a week before the stable release. :/ (e.g., bb17084)

Support public key encryption and decryption operations using the EVP
API.
The next release is decided to be 3.0 rather than 2.3.
Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.

Also, recommend using those generic methods in the documentation.
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
@rhenium rhenium merged commit 809646e into ruby:master May 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants