Som*_*Guy 1 ruby encryption ssl cryptography pki
我想加密一个字符串,以便最终用户可以验证它是由我加密的,但是他们不能自己加密它.
例如,我有一个私钥'private',一个公钥'public',一个消息'hello world',并且想要做类似的事情:
private_key = 'private'
public_key = 'public'
message = 'hello world'
encrypted_value = Crypto.encrypt(message, private_key)
# encrypted_value is now 'd92a01df241a3'
is_verified = Crypto.verify(message, public_key)
# given just the public key and the message, is_verified will
# be able to tell whether it's accurate
# note that the encrypted_value cannot be generated by just the public_key
# but it can be verified by the public_key
您正在寻找内置的Ruby OpenSSL包装器.该文档提供了如何执行此操作的示例.
注意:使用.sign下面的方法使用私钥对数据进行签名只会生成数字签名,但不会对数据进行加密.根据您的问题,您不清楚是要加密数据还是仅验证消息.如果要加密数据,还必须使用Cipher类.您只需要一个数字签名来验证您的数据没有经过调整并且已经过您的签名!
require 'openssl'
# Load PRIVATE key
private_key = OpenSSL::PKey::RSA.new(File.read('private_key.pem'))
# Sign your data
signature = private_key.sign(OpenSSL::Digest::SHA256.new, message)
# Our message signature that ensures that our data is signed by our private key
puts signature # => "\x04\xEC\xCC?\xDE\x8F\x91>G\xC2*M\xA7j\xA5\x16\..."
现在,将您的数据和签名发送到接收端.此外,您可以考虑使用PKCS#7作为打包数据和签名的标准方法.
require 'openssl'
# Load PUBLIC key
public_key = OpenSSL::PKey::RSA.new(File.read('public_key.pem'))
# We have received the following data
message = "Hello World!"
signature = "\x04\xEC\xCC?\xDE\x8F\x91>G\..." # Long signature
# Verify the message & its signature
if public_key.verify(OpenSSL::Digest::SHA256.new, signature, message)
"VALID: Signed by pair private key"
else
"NOT VALID: Data tampered or private-public key mismatch!"
end
| 归档时间: |
|
| 查看次数: |
3386 次 |
| 最近记录: |