Support PSS signatures in RSA verification

This gem requires that ruby be built against OpenSSL 1.0.1 or higher! Earlier versions don’t support PSS signature verification.

Usage

“by require ‘openssl_rsa_pss_verify’ pubkey = OpenSSL::PKey::RSA.new File.read(“my_pubkey.pem”) raw_data = File.read(“my_raw_data”) signature = File.read(“my_signature”) salt_lenth = 0

pubkey.verify_pss_sha1(signature, OpenSSL::Digest::SHA1.digest(raw_data), salt_length)

=> true or false

“

This the above is identical to

“sh openssl sha1 -binary my_raw_data > my_hashed_data openssl pkeyutl -verify -in my_hashed_data -pubin -inkey my_pubkey.pem \ -sigfile my_signature -pkeyopt digest:sha1 -pkeyopt rsa_padding_mode:pss \ -pkeyopt rsa_pss_saltlen:0

“

See the man page for more information.

Notes

• Only supports SHA1
• OpenSSL 1.0.1 is not available on Heroku! I’m working on a custom buildpack, but it’s very ad hoc.