How to go about signing text in a verifiable way from within ruby in a simple yet strong & portable way?

Question

Guys,

I have been looking for a portable method to digitally sign arbitrary text which can be placed in a document and distributed while maintaining its verifiable origin. Here is an example:

a = 'some text'
a.sign(<private key>) # => <some signature in ASCII format>

The contents of a can now be distributed freely. If a receiver wants to check the validity of said text they can do the following:

b = 'some text'
b.valid(<public key>, <signature supplied with text>) # => true/false

Is there any library out there that already offers this kind of functionality? Ruby standard library contains SHA hashing code so at lest there is a portable way to perform the hashing but from that point I am struggling to find anything which fits purpose.

Kind Regards,

Roja

Answer 1

What do you mean by "portable"? Is openssl portable enough for you? Here's a nice article by Ola Bini about different scenarios in ruby. Essentially, this is how you'd sign and verify a message:

require 'openssl'

pub_key = OpenSSL::PKey::RSA.new(File.read("public_key.pem"))
priv_key = OpenSSL::PKey::RSA.new(File.read("private_key.pem"))

text = "This is the text I want to send"*200

signature = priv_key.sign(OpenSSL::Digest::SHA1.new,text)

if pub_key.verify(OpenSSL::Digest::SHA1.new, signature, text)
  puts "Signature verified"
else
  puts "Signature NOT verified"
end