forked from pelle/ezcrypto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME_DIGITAL_SIGNATURES
55 lines (32 loc) · 1.77 KB
/
README_DIGITAL_SIGNATURES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
= EzSig - Easy to use Digital Signatures for Ruby
EzSig is based on OpenSSL and allows you to do create and verify digital signatures in Ruby without learning too much crypto goobledegook.
== Features
* Simple Signer class
* Simple Verifier class
* Certificate sub class of Verifier which lets you read the certificate data in clear ruby.
== Installation
Download it from here:
http://rubyforge.org/frs/?group_id=755
or install it via Ruby Gems:
gem install ezruby
== Simple examples
==== Load Private key and sign
signer=EzCrypto::Signer.from_file "testsigner.pem"
sig=signer.sign "hello"
==== Load Certificate and verify
cert=EzCrypto::Verifier.from_file "testsigner.cert"
cert.verify( sig,"hello")
==== Query Certificate for information
assert_equal cert.email,"[email protected]"
assert_equal cert.country,"DK"
assert_equal cert.state,"Denmark"
assert_equal cert.locality,"Copenhagen"
== PKYP integration
http://pkyp.org allows you register your public keys and certificates on a public server. If you have web applications with certificates or public keys you can point your users at http://pkyp.org/{key.digest} for more info about a certificate.
Register a public key or certificate at PKYP with the new method register_with_pkyp like this:
signer=EzCrypto::Signer.generate
signer.verifier.register_with_pkyp
If you have the public key or certificate digest you can fetch the full public key or certificate like this:
verifier=EzCrypto::Verifier.from_pkyp "e93e18114cbefaaa89fda908b09df63d3662879a"
verifier.verify sig, request_text
This allows a simpler way of transfering certificates. The idea of including certificates with every request is not really necessary in an online world. For example you could pass the digest in a HTTP header for a REST web services request.