U:RDoc::NormalModule[iI"	PKey:EFI"OpenSSL::PKey;T0o:RDoc::Markup::Document:@parts[o;;[ :
@fileI"$ext/openssl/lib/openssl/pkey.rb;T:0@omit_headings_from_table_of_contents_below0o;;[S:RDoc::Markup::Heading:
leveli:	textI"%Asymmetric Public Key Algorithms;To:RDoc::Markup::BlankLine o:RDoc::Markup::Paragraph;[	I"LAsymmetric public key algorithms solve the problem of establishing and ;TI"Esharing secret keys to en-/decrypt messages. The key in such an ;TI"Kalgorithm consists of two parts: a public key that may be distributed ;TI"=to others and a private key that needs to remain secret.;T@o;;[I"CMessages encrypted with a public key can only be decrypted by ;TI"Frecipients that are in possession of the associated private key. ;TI"HSince public key algorithms are considerably slower than symmetric ;TI"Kkey algorithms (cf. OpenSSL::Cipher) they are often used to establish ;TI"Ja symmetric key shared between two parties that are in possession of ;TI"each other's public key.;T@o;;[I"KAsymmetric algorithms offer a lot of nice features that are used in a ;TI"Klot of different areas. A very common application is the creation and ;TI"Ivalidation of digital signatures. To sign a document, the signatory ;TI"Hgenerally uses a message digest algorithm (cf. OpenSSL::Digest) to ;TI"Kcompute a digest of the document that is then encrypted (i.e. signed) ;TI"Lusing the private key. Anyone in possession of the public key may then ;TI"Jverify the signature by computing the message digest of the original ;TI"Kdocument on their own, decrypting the signature using the signatory's ;TI"Dpublic key and comparing the result to the message digest they ;TI"Dpreviously computed. The signature is valid if and only if the ;TI"9decrypted signature is equal to this message digest.;T@o;;[I"IThe PKey module offers support for three popular public/private key ;TI"algorithms:;To:RDoc::Markup::List:
@type:BULLET:@items[o:RDoc::Markup::ListItem:@label0;[o;;[I"RSA (OpenSSL::PKey::RSA);To;;0;[o;;[I"DSA (OpenSSL::PKey::DSA);To;;0;[o;;[I"4Elliptic Curve Cryptography (OpenSSL::PKey::EC);To;;[I"JEach of these implementations is in fact a sub-class of the abstract ;TI"MPKey class which offers the interface for supporting digital signatures ;TI".in the form of PKey#sign and PKey#verify.;T@S;;i;I" Diffie-Hellman Key Exchange;T@o;;[I"HFinally PKey also features OpenSSL::PKey::DH, an implementation of ;TI"Kthe Diffie-Hellman key exchange protocol based on discrete logarithms ;TI"<in finite fields, the same basis that DSA is built on. ;TI"JThe Diffie-Hellman protocol can be used to exchange (symmetric) keys ;TI"Fover insecure channels without needing any prior joint knowledge ;TI"Fbetween the participating parties. As the security of DH demands ;TI"Brelatively long "public keys" (i.e. the part that is overtly ;TI"Etransmitted between participants) DH tends to be quite slow. If ;TI"Isecurity or speed is your primary concern, OpenSSL::PKey::EC offers ;TI";another implementation of the Diffie-Hellman protocol.;T;	I"ext/openssl/ossl_pkey.c;T;
0o;;[ ;	I"ext/openssl/ossl_pkey_dh.c;T;
0o;;[ ;	I" ext/openssl/ossl_pkey_dsa.c;T;
0o;;[ ;	I"ext/openssl/ossl_pkey_ec.c;T;
0o;;[ ;	I" ext/openssl/ossl_pkey_rsa.c;T;
0;	0;
0[ [ [ [[I"
class;T[[:public[[I"	read;TI"ext/openssl/ossl_pkey.c;T[:protected[ [:private[ [I"instance;T[[;[ [;[ [;[ [ [U:RDoc::Context::Section[i 0o;;[ ;	0;
0[@I"#ext/openssl/lib/openssl/ssl.rb;TI"ext/openssl/ossl.c;TI"lib/drb/ssl.rb;TI"*lib/rubygems/commands/cert_command.rb;TI"lib/rubygems/request.rb;TI"$lib/rubygems/security/signer.rb;TI"lib/rubygems/test_case.rb;TI"lib/webrick/ssl.rb;TI"OpenSSL;FcRDoc::NormalModule