Type:
Class
A Simple Public Key Infrastructure implementation (pronounced “spookey”). The structure is defined as
1 2 3 4 5 6 7 8 9 10 | PublicKeyAndChallenge ::= SEQUENCE { spki SubjectPublicKeyInfo, challenge IA5STRING}SignedPublicKeyAndChallenge ::= SEQUENCE { publicKeyAndChallenge PublicKeyAndChallenge, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING} |
where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can be found in RFC5280. SPKI is typically used in browsers for generating a public/private key pair and a subsequent certificate request, using the HTML <keygen> element.
Examples
Creating an SPKI
1 2 3 4 5 6 | key = OpenSSL::PKey::RSA.new 2048spki = OpenSSL::Netscape::SPKI.newspki.challenge = "RandomChallenge"spki.public_key = key.public_keyspki.sign(key, OpenSSL::Digest::SHA256.new)#send a request containing this to a server generating a certificate |
Verifiying an SPKI request
1 2 3 4 5 6 | request = #...spki = OpenSSL::Netscape::SPKI.new requestunless spki.verify(spki.public_key) # signature is invalidend#proceed |