Closed
Description
We currently provide wrappers for the public key cryptographic functions in each OpenSSL::PKey subclass. They have to be rewritten sooner or later to migrate to the EVP API from the low-level API, which is legacy and being deprecated by OpenSSL (#369).
Also, they don't have consistent method naming and signatures across those classes. It sounds like it's a good time to reorganize.
- OpenSSL::PKey::RSA#private_encrypt and #public_decrypt
  - → OpenSSL::PKey::PKey#{sign,verify}_raw
- OpenSSL::PKey::DSA#syssign and #sysverify
  - → OpenSSL::PKey::PKey#{sign,verify}_raw
- OpenSSL::PKey::EC#dsa_sign_asn1 and #dsa_verify_asn1
  - → OpenSSL::PKey::PKey#{sign,verify}_raw
- OpenSSL::PKey::RSA#public_encrypt and #private_decrypt
  - → OpenSSL::PKey::PKey#{encrypt,decrypt}
- OpenSSL::PKey::DH#compute_key
  - → OpenSSL::PKey::PKey#derive
- OpenSSL::PKey::EC#dh_compute_key
  - → OpenSSL::PKey::PKey#derive

Wrappers should be implemented within OpenSSL::PKey for:
- EVP_DigestSign*() and EVP_DigestVerify*() - Signing operation
  - Implemented as `#sign` and `#verify`.
- EVP_PKEY_sign() and EVP_PKEY_verify() - Signing operation
  - Similar to the above, but do not hash passed data.
  - Implemented as `#sign_raw` and `#verify_raw` in pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382.
- EVP_PKEY_derive() - Key agreement
  - Implemented as `#derive` in pkey: add more support for 'generic' pkey types #329.
- EVP_PKEY_encrypt() and EVP_PKEY_decrypt() - Public key encryption
  - Implemented as `#encrypt` and `#decrypt` in pkey: implement PKey#encrypt, #decrypt, #sign_raw, #verify_raw, and #verify_recover #382.
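
The mapping in the issue above, exercised as an added example (not code from the issue or from the project): each legacy per-class method is checked against its generic `OpenSSL::PKey::PKey` replacement on the same key. It assumes an openssl gem version that provides `#sign_raw`, `#verify_raw`, `#derive`, `#encrypt` and `#decrypt`; the curve, digest, key size and sample strings are choices made for the example.

```ruby
require "openssl"

# Constructed sample input. The *_raw methods do not hash, so the caller
# passes a digest it has already computed.
MESSAGE = "constructed sample message"
DIGEST  = OpenSSL::Digest.digest("SHA256", MESSAGE)

# EC#dsa_sign_asn1 / #dsa_verify_asn1  ->  PKey#sign_raw / #verify_raw
def ecdsa_interop
  ec = OpenSSL::PKey::EC.generate("prime256v1")
  old_sig = ec.dsa_sign_asn1(DIGEST)
  new_sig = ec.sign_raw(nil, DIGEST)
  other   = OpenSSL::Digest.digest("SHA256", "a different message")
  {
    new_verifies_old: ec.verify_raw(nil, old_sig, DIGEST),
    old_verifies_new: ec.dsa_verify_asn1(DIGEST, new_sig),
    # #verify hashes MESSAGE itself, so it accepts a raw signature over DIGEST
    hashing_verify:   ec.verify("SHA256", new_sig, MESSAGE),
    other_digest:     ec.verify_raw(nil, new_sig, other),
  }
end

# EC#dh_compute_key(point)  ->  PKey#derive(peer_key)
def ecdh_interop
  alice = OpenSSL::PKey::EC.generate("prime256v1")
  bob   = OpenSSL::PKey::EC.generate("prime256v1")
  secret = alice.derive(bob) # only bob's public component is used
  {
    matches_legacy: alice.dh_compute_key(bob.public_key) == secret,
    symmetric:      bob.derive(alice) == secret,
    bytes:          secret.bytesize,
  }
end

# RSA#private_encrypt / #public_decrypt  ->  PKey#sign_raw / #verify_raw
# RSA#public_encrypt / #private_decrypt  ->  PKey#encrypt / #decrypt
def rsa_interop
  rsa = OpenSSL::PKey::RSA.new(2048)
  ct  = rsa.public_encrypt("constructed plaintext")
  {
    verify_raw_legacy: rsa.verify_raw(nil, rsa.private_encrypt(DIGEST), DIGEST),
    legacy_recovers:   rsa.public_decrypt(rsa.sign_raw(nil, DIGEST)) == DIGEST,
    decrypt_legacy:    rsa.decrypt(ct) == "constructed plaintext",
    legacy_decrypts:   rsa.private_decrypt(rsa.encrypt("constructed plaintext")) == "constructed plaintext",
  }
end
```

Because `#sign_raw` signs exactly the bytes it is given, passing an unhashed message where a digest is expected changes what is being signed; `#sign` and `#verify` are the variants that hash for the caller.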