PKI: sign content or verify a signature

PKI.sign signs content using RSA with the specified hash function

PKI.verify verifies a signature of RSA-signed content

PKI.sign(what, key, hash = c("SHA1", "SHA256", "MD5"), digest)
PKI.verify(what, signature, key, hash = c("SHA1", "SHA256", "MD5"), digest)

Arguments

what

raw vector: content to sign

key

RSA private key to use for signing; RSA public key or certificate to use for verification.

hash

hash function to use. "MD5" should not be used unless absolutely needed for compatibility as it is less secure.

digest

raw vector: it is possible to supply the digest of the content directly instead of specifying what.

signature

raw vector: signature

Details

Objects are signed by computing a hash function digest (typically using SHA1 hash function) and then signing the digest with a RSA key. Verification is done by computing the digest and then comparing the signature to the digest. Private key is needed for signing whereas public key is needed for verification.

Both functions call PKI.digest on what if digest is not specified.

Value

PKI.sign signature (raw vector)

PKI.verify logical: TRUE if the digest and signature match, FALSE otherwise

Author

Simon Urbanek

See also

PKI.pubkey, PKI.genRSAkey, PKI.digest

Examples

  key <- PKI.genRSAkey(2048)
  x <- charToRaw("My message to sign")
  sig <- PKI.sign(x, key)
  stopifnot(PKI.verify(x, sig, key))