Module: JsonWebToken::Algorithm::Ecdsa

Extended by:

Common, Format::Asn1

Defined in:

lib/json_web_token/algorithm/ecdsa.rb

Overview

Sign or verify a JSON Web Signature (JWS) structure using ECDSA

See Also:

• http://tools.ietf.org/html/rfc7518#section-3.4

Constant Summary

MAC_BYTE_COUNT =

{
  '256' => 64, # prime256v1 aka: secp256r1
  '384' => 96, # secp384r1
  '512' => 132 # secp521r1 note difference (not 128) due to using 521-bit integers
}

Constants included from Common

Common::SHA_BITS

Constants included from Format::Asn1

Format::Asn1::KEY_BITS

Class Method Summary

• .sign(sha_bits, private_key, signing_input) ⇒ BinaryString

  A digital signature, or mac.

• .verify?(mac, sha_bits, public_key, signing_input) ⇒ Boolean

  A predicate to verify the signing_input for a given mac.

Methods included from Common

digest_new, validate_key, validate_sha_bits

Methods included from Format::Asn1

der_to_signature, signature_to_der

Class Method Details

.sign(sha_bits, private_key, signing_input) ⇒ BinaryString

Returns a digital signature, or mac.

Examples:

Ecdsa.sign('256', private_key, 'signing_input').bytes
# => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]

Parameters:

• sha_bits (String) —

  desired security level in bits of the signature scheme

• private_key (OpenSSL::PKey::EC) —

  key used to sign a digital signature, or mac

• signing_input (String) —

  input payload for a mac computation

Returns:

• (BinaryString) —

  a digital signature, or mac

# File 'lib/json_web_token/algorithm/ecdsa.rb', line 28

def sign(sha_bits, private_key, signing_input)
  validate_key(sha_bits, private_key)
  der = private_key.dsa_sign_asn1(ssl_digest_hash sha_bits, signing_input)
  der_to_signature(der, sha_bits)
end

.verify?(mac, sha_bits, public_key, signing_input) ⇒ Boolean

Returns a predicate to verify the signing_input for a given mac.

Examples:

Ecdsa.verify?(< binary_string >, '256', < public_key >, 'signing_input')
# => true

Parameters:

• mac (BinaryString) —

  a digital signature, or mac

• sha_bits (String) —

  desired security level in bits of the signature scheme

• public_key (OpenSSL::PKey::EC) —

  key used to verify a digital signature, or mac

• signing_input (String) —

  input payload for a mac computation

Returns:

• (Boolean) —

  a predicate to verify the signing_input for a given mac

# File 'lib/json_web_token/algorithm/ecdsa.rb', line 42

def verify?(mac, sha_bits, public_key, signing_input)
  validate_key(sha_bits, public_key)
  validate_signature_size(mac, sha_bits)
  der = signature_to_der(mac, sha_bits)
  public_key.dsa_verify_asn1(ssl_digest_hash(sha_bits, signing_input), der)
end