module JsonWebToken::Algorithm::Ecdsa
Sign or verify a JSON Web Signature (JWS) structure using ECDSA @see tools.ietf.org/html/rfc7518#section-3.4
Constants
- MAC_BYTE_COUNT
Public Instance Methods
@param sha_bits [String] desired security level in bits of the signature scheme @param private_key [OpenSSL::PKey::EC] key used to sign a digital signature, or mac @param signing_input [String] input payload for a mac computation @return [BinaryString] a digital signature, or mac @example
Ecdsa.sign('256', private_key, 'signing_input').bytes # => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
# File lib/json_web_token/algorithm/ecdsa.rb, line 28 def sign(sha_bits, private_key, signing_input) validate_key(sha_bits, private_key) der = private_key.dsa_sign_asn1(ssl_digest_hash sha_bits, signing_input) der_to_signature(der, sha_bits) end
# File lib/json_web_token/algorithm/ecdsa.rb, line 51 def ssl_digest_hash(sha_bits, signing_input) digest_new(sha_bits).digest(signing_input) end
# File lib/json_web_token/algorithm/ecdsa.rb, line 49 def validate_key_size(_sha_bits, _key); end
# File lib/json_web_token/algorithm/ecdsa.rb, line 55 def validate_signature_size(mac, sha_bits) fail('Invalid signature') unless mac && mac.bytesize == MAC_BYTE_COUNT[sha_bits] end
@param mac [BinaryString] a digital signature, or mac @param sha_bits [String] desired security level in bits of the signature scheme @param public_key [OpenSSL::PKey::EC] key used to verify a digital signature, or mac @param signing_input [String] input payload for a mac computation @return [Boolean] a predicate to verify the signing_input for a given mac
@example
Ecdsa.verify?(< binary_string >, '256', < public_key >, 'signing_input') # => true
# File lib/json_web_token/algorithm/ecdsa.rb, line 42 def verify?(mac, sha_bits, public_key, signing_input) validate_key(sha_bits, public_key) validate_signature_size(mac, sha_bits) der = signature_to_der(mac, sha_bits) public_key.dsa_verify_asn1(ssl_digest_hash(sha_bits, signing_input), der) end