module Origami::Signature

Constants

PKCS1_RSA_SHA1
PKCS7_DETACHED
PKCS7_SHA1

Public Class Methods

compute(method, data, certificate, key, ca) click to toggle source

Computes the signature using the specified subfilter method.

# File lib/origami/signature.rb, line 356
def self.compute(method, data, certificate, key, ca)
    case method
    when PKCS7_DETACHED
        OpenSSL::PKCS7.sign(certificate, key, data, ca, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der

    when PKCS7_SHA1
        OpenSSL::PKCS7.sign(certificate, key, Digest::SHA1.digest(data), ca, OpenSSL::PKCS7::BINARY).to_der

    when PKCS1_RSA_SHA1
        key.sign(OpenSSL::Digest::SHA1.new, data)
    else
        raise NotImplementedError, "Unsupported signature method #{method.inspect}"
    end
end
required_size(method, certificate, key, ca) click to toggle source

Computes the required size in bytes for storing the signature.

# File lib/origami/signature.rb, line 349
def self.required_size(method, certificate, key, ca)
    self.compute(method, "", certificate, key, ca).size
end
verify(method, data, signature, store, flags) click to toggle source
# File lib/origami/signature.rb, line 329
def self.verify(method, data, signature, store, flags)
    case method
    when PKCS7_DETACHED
        pkcs7 = OpenSSL::PKCS7.new(signature)
        raise SignatureError, "Not a PKCS7 detached signature" unless pkcs7.detached?
        flags |= OpenSSL::PKCS7::DETACHED
        pkcs7.verify([], store, data, flags)

    when PKCS7_SHA1
        pkcs7 = OpenSSL::PKCS7.new(signature)
        pkcs7.verify([], store, nil, flags) and pkcs7.data == Digest::SHA1.digest(data)

    else
        raise NotImplementedError, "Unsupported signature method #{method.inspect}"
    end
end