class
v2_5_5 -
Superclass: Object
A Simple Public Key Infrastructure implementation (pronounced “spooky”). The structure is defined as
    PublicKeyAndChallenge ::= SEQUENCE {
      spki SubjectPublicKeyInfo,
      challenge IA5STRING
    }

    SignedPublicKeyAndChallenge ::= SEQUENCE {
      publicKeyAndChallenge PublicKeyAndChallenge,
      signatureAlgorithm AlgorithmIdentifier,
      signature BIT STRING
    }
where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can be found in RFC5280. SPKI is typically used in browsers for generating a public/private key pair and a subsequent certificate request, using the HTML <keygen> element.
Examples
Creating an SPKI
    key = OpenSSL::PKey::RSA.new 2048
    spki = OpenSSL::Netscape::SPKI.new
    spki.challenge = "RandomChallenge"
    spki.public_key = key.public_key
    spki.sign(key, OpenSSL::Digest::SHA256.new)
    # send a request containing this to a server generating a certificate
Verifying an SPKI request
    request = #...
    spki = OpenSSL::Netscape::SPKI.new request
    unless spki.verify(spki.public_key)
      # signature is invalid
    end
    # proceed
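A fuller server-side check, as an added example that is not part of the Ruby documentation: besides the signature, it confirms that the signed challenge is the one the server issued and handles undecodable input. The method names `build_spkac` and `check_spkac`, the status symbols, and the key and nonce values are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Client side (what <keygen> produced): Base64 SPKAC over public key + challenge.
# `embedded` lets a test embed a public key other than the signing key.
def build_spkac(key, challenge, embedded = key.public_key)
  spki = OpenSSL::Netscape::SPKI.new
  spki.challenge = challenge
  spki.public_key = embedded
  spki.sign(key, OpenSSL::Digest::SHA256.new)
  spki.to_pem
end

# Server side: returns [status, public_key_or_nil].
# A valid signature only proves the sender holds the private key for the
# embedded public key; it says nothing about who the sender is.
def check_spkac(request, expected_challenge)
  spki = OpenSSL::Netscape::SPKI.new(request) # accepts DER or Base64
  signed = begin
    spki.verify(spki.public_key)
  rescue OpenSSL::Netscape::SPKIError
    false
  end
  return [:bad_signature, nil] unless signed
  # The challenge is covered by the signature, so comparing it with the
  # nonce issued for this session rejects replayed requests.
  return [:challenge_mismatch, nil] unless spki.challenge == expected_challenge
  [:ok, spki.public_key]
rescue OpenSSL::Netscape::SPKIError
  [:malformed, nil]
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed sample key
  nonce = SecureRandom.hex(16)       # constructed per-session challenge
  puts check_spkac(build_spkac(key, nonce), nonce).first
  puts check_spkac(build_spkac(key, "stale-challenge"), nonce).first
end
```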