= OpenSSL::PKey

(from ext/openssl/lib/openssl/pkey.rb)

== Asymmetric Public Key Algorithms

Asymmetric public key algorithms solve the problem of establishing and sharing secret keys to en-/decrypt messages. The key in such an algorithm consists of two parts: a public key that may be distributed to others and a private key that needs to remain secret.

Messages encrypted with a public key can only be decrypted by recipients that are in possession of the associated private key. Since public key algorithms are considerably slower than symmetric key algorithms (cf. OpenSSL::Cipher) they are often used to establish a symmetric key shared between two parties that are in possession of each other's public key.

Asymmetric algorithms offer a lot of nice features that are used in a lot of different areas. A very common application is the creation and validation of digital signatures. To sign a document, the signatory generally uses a message digest algorithm (cf. OpenSSL::Digest) to compute a digest of the document that is then encrypted (i.e. signed) using the private key. Anyone in possession of the public key may then verify the signature by computing the message digest of the original document on their own, decrypting the signature using the signatory's public key and comparing the result to the message digest they previously computed. The signature is valid if and only if the decrypted signature is equal to this message digest.

The PKey module offers support for three popular public/private key algorithms:

* RSA (OpenSSL::PKey::RSA)
* DSA (OpenSSL::PKey::DSA)
* Elliptic Curve Cryptography (OpenSSL::PKey::EC)

Each of these implementations is in fact a sub-class of the abstract PKey class which offers the interface for supporting digital signatures in the form of PKey#sign and PKey#verify.

== Diffie-Hellman Key Exchange

Finally PKey also features OpenSSL::PKey::DH, an implementation of the Diffie-Hellman key exchange protocol based on discrete logarithms