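How do I use PKI (public/private key) encryption in Ruby?

Time: 2016-04-24 05:57:07

Tags: ruby ssl encryption cryptography pki

I want to encrypt a string so that the end user can verify that it was encrypted by me, but they cannot encrypt it themselves.

For example, I have a private key 'private', a public key 'public', and a message 'hello world', and want to do something like: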

private_key = 'private'
public_key = 'public'
message = 'hello world'

encrypted_value = Crypto.encrypt(message, private_key)
# encrypted_value is now 'd92a01df241a3'

is_verified = Crypto.verify(message, public_key)
# given just the public key and the message, is_verified will 
# be able to tell whether it's accurate

# note that the encrypted_value cannot be generated by just the public_key
# but it can be verified by the public_key

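1 answer:

Answer 0 (score: 8)

You are looking for the built-in Ruby OpenSSL wrapper. The documentation provides examples of how to do this.

Note: Using the .sign method below to sign the data with your private key only generates a digital signature; it does not encrypt your data. From your question, it is not clear whether you want to encrypt your data or just validate the message. If you want to encrypt the data, you will also have to use the Cipher class. You only need a digital signature to verify that your data has not been tampered with and was signed by you!

Sign your message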

require 'openssl'

# Load PRIVATE key
private_key = OpenSSL::PKey::RSA.new(File.read('private_key.pem'))

# The data to sign (same message the receiving side verifies below)
message = "Hello World!"

# Sign your data
signature = private_key.sign(OpenSSL::Digest::SHA256.new, message)

# Our message signature that ensures that our data is signed by our private key
puts signature    # => "\x04\xEC\xCC?\xDE\x8F\x91>G\xC2*M\xA7j\xA5\x16\..." 

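Now, send your data & signature to the receiving end. Also, you may consider using PKCS#7 as a standard way to package the data and signature.

Verify your message & signature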

require 'openssl'

# Load PUBLIC key
public_key = OpenSSL::PKey::RSA.new(File.read('public_key.pem'))

# We have received the following data
message = "Hello World!"
signature = "\x04\xEC\xCC?\xDE\x8F\x91>G\..."    # Long signature

# Verify the message & its signature
if public_key.verify(OpenSSL::Digest::SHA256.new, signature, message)
  puts "VALID: Signed by pair private key"
else
  puts "NOT VALID: Data tampered or private-public key mismatch!"
end
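
The sign-and-verify flow from the answer above as one runnable round trip, including the failure cases (tampered message, unrelated key, malformed signature, signing with only the public key). This is an added example, not part of the original answer; the helper names, the envelope hash, the Base64 transport encoding and the in-memory throwaway keys (instead of PEM files) are assumptions made for illustration.

```ruby
require 'openssl'

DIGEST = 'SHA256'

# Sender: sign with the PRIVATE key. The signature is raw binary, so it is
# Base64-encoded (pack 'm0') to travel safely next to the message.
def sign_message(private_key, message)
  signature = private_key.sign(DIGEST, message)
  { 'message' => message, 'signature' => [signature].pack('m0') }
end

# Receiver: verify with the PUBLIC key only. Malformed input (missing field,
# bad Base64, OpenSSL error) counts as a failed verification.
def verify_message(public_key, envelope)
  signature = envelope.fetch('signature').unpack1('m0')
  public_key.verify(DIGEST, signature, envelope.fetch('message'))
rescue ArgumentError, KeyError, OpenSSL::PKey::PKeyError
  false
end

# Can this key object create a signature at all?
def can_sign?(key)
  key.sign(DIGEST, 'probe')
  true
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

# Constructed sample data: throwaway keys generated in memory.
PRIVATE_KEY = OpenSSL::PKey::RSA.new(2048)
# What the end user receives: the public half only, as PEM.
PUBLIC_KEY  = OpenSSL::PKey::RSA.new(PRIVATE_KEY.public_key.to_pem)
OTHER_KEY   = OpenSSL::PKey::RSA.new(2048).public_key # unrelated key pair

if __FILE__ == $PROGRAM_NAME
  envelope = sign_message(PRIVATE_KEY, 'Hello World!')
  tampered = envelope.merge('message' => 'Hello World?')
  puts "genuine message:    #{verify_message(PUBLIC_KEY, envelope)}"
  puts "tampered message:   #{verify_message(PUBLIC_KEY, tampered)}"
  puts "unrelated key:      #{verify_message(OTHER_KEY, envelope)}"
  puts "public key signs?   #{can_sign?(PUBLIC_KEY)}"
end
```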