module JsonWebToken::Algorithm::Ecdsa

Sign or verify a JSON Web Signature (JWS) structure using ECDSA @see tools.ietf.org/html/rfc7518#section-3.4

Constants

MAC_BYTE_COUNT

Public Instance Methods

sign(sha_bits, private_key, signing_input) click to toggle source

@param sha_bits [String] desired security level in bits of the signature scheme @param private_key [OpenSSL::PKey::EC] key used to sign a digital signature, or mac @param signing_input [String] input payload for a mac computation @return [BinaryString] a digital signature, or mac @example

Ecdsa.sign('256', private_key, 'signing_input').bytes
# => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
# File lib/json_web_token/algorithm/ecdsa.rb, line 28
def sign(sha_bits, private_key, signing_input)
  validate_key(sha_bits, private_key)
  der = private_key.dsa_sign_asn1(ssl_digest_hash sha_bits, signing_input)
  der_to_signature(der, sha_bits)
end
ssl_digest_hash(sha_bits, signing_input) click to toggle source
# File lib/json_web_token/algorithm/ecdsa.rb, line 51
def ssl_digest_hash(sha_bits, signing_input)
  digest_new(sha_bits).digest(signing_input)
end
validate_key_size(_sha_bits, _key) click to toggle source
# File lib/json_web_token/algorithm/ecdsa.rb, line 49
def validate_key_size(_sha_bits, _key); end
validate_signature_size(mac, sha_bits) click to toggle source
# File lib/json_web_token/algorithm/ecdsa.rb, line 55
def validate_signature_size(mac, sha_bits)
  fail('Invalid signature') unless mac && mac.bytesize == MAC_BYTE_COUNT[sha_bits]
end
verify?(mac, sha_bits, public_key, signing_input) click to toggle source

@param mac [BinaryString] a digital signature, or mac @param sha_bits [String] desired security level in bits of the signature scheme @param public_key [OpenSSL::PKey::EC] key used to verify a digital signature, or mac @param signing_input [String] input payload for a mac computation @return [Boolean] a predicate to verify the signing_input for a given mac @example

Ecdsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
# => true
# File lib/json_web_token/algorithm/ecdsa.rb, line 42
def verify?(mac, sha_bits, public_key, signing_input)
  validate_key(sha_bits, public_key)
  validate_signature_size(mac, sha_bits)
  der = signature_to_der(mac, sha_bits)
  public_key.dsa_verify_asn1(ssl_digest_hash(sha_bits, signing_input), der)
end