class OpenSSL::PKey::EC
OpenSSL::PKey::EC provides access to Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH).
Key exchange
ec1 = OpenSSL::PKey::EC.generate("prime256v1") ec2 = OpenSSL::PKey::EC.generate("prime256v1") # ec1 and ec2 have own private key respectively shared_key1 = ec1.dh_compute_key(ec2.public_key) shared_key2 = ec2.dh_compute_key(ec1.public_key) p shared_key1 == shared_key2 #=> true
Constants
- EXPLICIT_CURVE
- NAMED_CURVE
Public Class Methods
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6342
def self.builtin_curves: () -> Array[[ String, String ]]
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6351
def self.generate: (String | Group pem_or_der_or_group_or_curve_name) -> instance
Creates a new EC instance with a new random private and public key.
() → void
(self ec_key) → void
(Group group) → void
(String pem_or_der_or_curve, ?String pass) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6651
def initialize: () -> void
| (self ec_key) -> void
| (Group group) -> void
| (String pem_or_der_or_curve, ?String pass) -> void
Creates a new EC object from given arguments.
Public Instance Methods
() → true
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6361
def check_key: () -> true
Raises an exception if the key is invalid.
See also the man page EVP_PKEY_public_check(3).
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6373
def dh_compute_key: (Point public_key) -> String
Derives a shared secret by ECDH. pubkey must be an instance of OpenSSL::PKey::EC::Point and must belong to the same group.
This method is provided for backwards compatibility, and calls #derive internally.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6382
def dsa_sign_asn1: (String digest) -> String
<strong>Deprecated in version 3.0</strong>. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6391
def dsa_verify_asn1: (String digest, String signature) -> bool
<strong>Deprecated in version 3.0</strong>. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6449
def export: (String cipher, String password) -> String
| () -> String
Serializes a private or public key to a PEM-encoding.
When the key contains public components only : Serializes it into an X.509 SubjectPublicKeyInfo. The parameters cipher and password are ignored.
A PEM-encoded key will look like:
-----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----
Consider using #public_to_pem instead. This serializes the key into an
X.509 SubjectPublicKeyInfo regardless of whether it is a public key or a
private key.
When the key contains private components, and no parameters are given : Serializes it into a SEC 1/RFC 5915 ECPrivateKey.
A PEM-encoded key will look like:
-----BEGIN EC PRIVATE KEY-----
[...]
-----END EC PRIVATE KEY-----
When the key contains private components, and cipher and password are given : Serializes it into a SEC 1/RFC 5915 ECPrivateKey and encrypts it in OpenSSL’s traditional PEM encryption format. cipher must be a cipher name understood by OpenSSL::Cipher.new or an instance of OpenSSL::Cipher.
An encrypted PEM-encoded key will look like:
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,733F5302505B34701FC41F5C0746E4C0
[...]
-----END EC PRIVATE KEY-----
Note that this format uses MD5 to derive the encryption key, and hence
will not be available on FIPS-compliant systems.
<strong>This method is kept for compatibility.</strong> This should only be used when the SEC 1/RFC 5915 ECPrivateKey format is required.
Consider using public_to_pem (X.509 SubjectPublicKeyInfo) or private_to_pem (PKCS #8 PrivateKeyInfo or EncryptedPrivateKeyInfo) instead.
() → self
Generates a new random private and public key.
See also the OpenSSL documentation for EC_KEY_generate_key()
Example
ec = OpenSSL::PKey::EC.new("prime256v1") p ec.private_key # => nil ec.generate_key! p ec.private_key # => #<OpenSSL::BN XXXXXX>
() → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6479
def generate_key!: () -> self
Generates a new random private and public key.
See also the OpenSSL documentation for EC_KEY_generate_key()
Example
ec = OpenSSL::PKey::EC.new("prime256v1") p ec.private_key # => nil ec.generate_key! p ec.private_key # => #<OpenSSL::BN XXXXXX>
() → Group?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6488
def group: () -> Group?
Returns the EC::Group that the key is associated with. Modifying the returned group does not affect key.
(Group) → Group
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6497
def group=: (Group) -> Group
Sets the EC::Group for the key. The group structure is internally copied so modification to group after assigning to a key has no effect on the key.
(self) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6661
def initialize_copy: (self) -> void
() → bool
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6506
def private?: () -> bool
Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key.
() → BN?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6514
def private_key: () -> BN?
See the OpenSSL documentation for EC_KEY_get0_private_key()
(bn priv_key) → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6522
def private_key=: (bn priv_key) -> self
See the OpenSSL documentation for EC_KEY_set_private_key()
() → bool
Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key.
() → bool
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6537
def public?: () -> bool
Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with EC#public_key.
() → Point?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6545
def public_key: () -> Point?
See the OpenSSL documentation for EC_KEY_get0_public_key()
(bn priv_key) → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6553
def public_key=: (bn priv_key) -> self
See the OpenSSL documentation for EC_KEY_set_public_key()
() → bool
Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with EC#public_key.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 6574
def to_der: () -> String
Serializes a private or public key to a DER-encoding.
See to_pem for details.
<strong>This method is kept for compatibility.</strong> This should only be used when the SEC 1/RFC 5915 ECPrivateKey format is required.
Consider using public_to_der or private_to_der instead.
Serializes a private or public key to a PEM-encoding.
When the key contains public components only : Serializes it into an X.509 SubjectPublicKeyInfo. The parameters cipher and password are ignored.
A PEM-encoded key will look like:
-----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----
Consider using #public_to_pem instead. This serializes the key into an
X.509 SubjectPublicKeyInfo regardless of whether it is a public key or a
private key.
When the key contains private components, and no parameters are given : Serializes it into a SEC 1/RFC 5915 ECPrivateKey.
A PEM-encoded key will look like:
-----BEGIN EC PRIVATE KEY-----
[...]
-----END EC PRIVATE KEY-----
When the key contains private components, and cipher and password are given : Serializes it into a SEC 1/RFC 5915 ECPrivateKey and encrypts it in OpenSSL’s traditional PEM encryption format. cipher must be a cipher name understood by OpenSSL::Cipher.new or an instance of OpenSSL::Cipher.
An encrypted PEM-encoded key will look like:
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,733F5302505B34701FC41F5C0746E4C0
[...]
-----END EC PRIVATE KEY-----
Note that this format uses MD5 to derive the encryption key, and hence
will not be available on FIPS-compliant systems.
<strong>This method is kept for compatibility.</strong> This should only be used when the SEC 1/RFC 5915 ECPrivateKey format is required.
Consider using public_to_pem (X.509 SubjectPublicKeyInfo) or private_to_pem (PKCS #8 PrivateKeyInfo or EncryptedPrivateKeyInfo) instead.