Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382

Merged
merged 6 commits into from
May 25, 2021
Merged

pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382

merged 6 commits into from
May 25, 2021

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Jun 30, 2020
edited
Loading

Applies on top of #374 (first two commits in this PR).

This implements the rest of #370.

pkey: implement PKey#encrypt and #decrypt

Support public key encryption and decryption operations using the EVP
API.

pkey: update version reference in #sign and #verify documentation

The next release is decided to be 3.0 rather than 2.3.

pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover

Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.

pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API

Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.

Also, recommend using those generic methods in the documentation.

pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with PKey#{sign,verify}_raw

With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.

pkey/dsa: refactor DSA#sys{sign,verify} with PKey#{sign,verify}_raw

With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.

@rhenium rhenium mentioned this pull request Aug 21, 2020
Closed
@rhenium rhenium mentioned this pull request Mar 31, 2021
Open
@rhenium rhenium force-pushed the ky/pkey-encrypt-decrypt branch 2 times, most recently from 2a433b0 to f6bb911 Compare April 4, 2021 16:10
@rhenium rhenium mentioned this pull request Apr 13, 2021
Closed
@sahanaprasad07
Copy link

@rhenium Hello! OpenSSL 3.0 beta1 is expected to be released on June 30th [1]
Would this MR be merged after that?
Or is there any plan/possibility of it being merged earlier than the beta release?
Thank you!

[1] https://github.com/openssl/openssl/milestone/17

@rhenium
Copy link
Member Author

rhenium commented Apr 15, 2021

@rhenium Hello! OpenSSL 3.0 beta1 is expected to be released on June 30th [1]

OpenSSL 3.0 support requires more work than this, please also see #369 and #399.

I'm not planning to release a version of ruby-openssl claiming to fully support OpenSSL 3.0.0 before it's actually tagged. They have a history of changing public API a week before the stable release. :/ (e.g., bb17084)

@rhenium
pkey: implement PKey#encrypt and #decrypt
75326d4 
Support public key encryption and decryption operations using the EVP
API.
@rhenium
pkey: update version reference in #sign and #verify documentation
b8a434e 
The next release is decided to be 3.0 rather than 2.3.
@rhenium
pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover
16cca4e 
Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
@rhenium
pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API
2dfc177 
Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.

Also, recommend using those generic methods in the documentation.
@rhenium
pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with PKey#{sign,verify}_raw
1f9da0c 
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
@rhenium
pkey/dsa: refactor DSA#sys{sign,verify} with PKey#{sign,verify}_raw
ce805ad 
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
@rhenium rhenium merged commit 809646e into ruby:master May 25, 2021
@rhenium rhenium mentioned this pull request Sep 27, 2021
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rhenium @sahanaprasad07