module JsonWebToken::Algorithm::Rsa

Sign or verify a JSON Web Signature (JWS) structure using RSASSA-PKCS1-v1_5

@see tools.ietf.org/html/rfc7518#section-3.3

Constants

KEY_BITS_MIN

Public Instance Methods

sign(sha_bits, private_key, signing_input)

@param sha_bits [String] desired security level in bits of the signature scheme
@param private_key [OpenSSL::PKey::RSA] key used to sign a digital signature, or mac
@param signing_input [String] input payload for a mac computation
@return [BinaryString] a digital signature, or mac
@example

Rsa.sign('256', < private_key >, 'signing_input').bytes.length
# => 256

# File lib/json_web_token/algorithm/rsa.rb, line 21
def sign(sha_bits, private_key, signing_input)
  validate_key(sha_bits, private_key)
  private_key.sign(digest_new(sha_bits), signing_input)
end

validate_key_size(_sha_bits, key)

# File lib/json_web_token/algorithm/rsa.rb, line 39
def validate_key_size(_sha_bits, key)
  fail('Invalid key: RSA modulus too small') if weak_key?(key)
end

verify?(mac, sha_bits, public_key, signing_input)

@param mac [BinaryString] a digital signature, or mac
@param sha_bits [String] desired security level in bits of the signature scheme
@param public_key [OpenSSL::PKey::RSA] key used to verify a digital signature, or mac
@param signing_input [String] input payload for a mac computation
@return [Boolean] a predicate to verify the signing_input for a given mac
@example

Rsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
# => true

# File lib/json_web_token/algorithm/rsa.rb, line 34
def verify?(mac, sha_bits, public_key, signing_input)
  validate_key(sha_bits, public_key)
  public_key.verify(digest_new(sha_bits), mac, signing_input)
end

weak_key?(key)

github.com/ruby/openssl/issues/5

# File lib/json_web_token/algorithm/rsa.rb, line 44
def weak_key?(key)
  !key || key.n.num_bits < KEY_BITS_MIN
end
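
The methods above call `validate_key` and `digest_new`, which this page does not show, and the value of KEY_BITS_MIN is not listed. The following stand-alone sketch is an added example, not the gem's own code: the module name `RsaSketch`, the 2048-bit floor (the minimum RFC 7518 section 3.3 requires), the SHA size allow-list and the digest construction are assumptions. It shows the modulus check rejecting a weak key on the verify side as well as the sign side.

```ruby
require 'openssl'

# Hypothetical stand-in for the module documented above; not the gem's code.
module RsaSketch
  KEY_BITS_MIN = 2048                # assumed value: the RFC 7518 section 3.3 floor
  SHA_BITS = %w[256 384 512].freeze  # assumed allow-list: RS256, RS384, RS512

  module_function

  def weak_key?(key)
    !key || key.n.num_bits < KEY_BITS_MIN
  end

  # Assumed behaviour of the validate_key helper that sign and verify? call.
  def validate_key(sha_bits, key)
    raise ArgumentError, "Unsupported SHA size: #{sha_bits}" unless SHA_BITS.include?(sha_bits)
    raise 'Invalid key: RSA modulus too small' if weak_key?(key)
  end

  def sign(sha_bits, private_key, signing_input)
    validate_key(sha_bits, private_key)
    private_key.sign(OpenSSL::Digest.new("sha#{sha_bits}"), signing_input)
  end

  def verify?(mac, sha_bits, public_key, signing_input)
    validate_key(sha_bits, public_key)
    public_key.verify(OpenSSL::Digest.new("sha#{sha_bits}"), mac, signing_input)
  end
end

# Constructed sample data: freshly generated keys and a dummy signing input.
def rsa_sketch_demo
  strong = OpenSSL::PKey::RSA.new(2048)
  weak = OpenSSL::PKey::RSA.new(1024)
  input = 'header.payload'
  sig = RsaSketch.sign('256', strong, input)
  weak_error = begin
    RsaSketch.verify?(sig, '256', weak.public_key, input)
  rescue RuntimeError => e
    e.message # the key check fires before any signature maths runs
  end
  { sig_bytes: sig.bytesize,
    valid: RsaSketch.verify?(sig, '256', strong.public_key, input),
    tampered: RsaSketch.verify?(sig, '256', strong.public_key, "#{input}x"),
    weak_error: weak_error }
end
```

Checking the key on the verify side matters because a verifier that accepts a short modulus will trust signatures made with a key that is practical to factor.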