{"id":15788360,"url":"https://github.com/raphael/rightcert","last_synced_at":"2026-02-24T18:39:07.266Z","repository":{"id":543199,"uuid":"173165","full_name":"raphael/rightcert","owner":"raphael","description":"Small ruby library for simple X.509 certificate generation and signature. Allows signing and/or encrypting data using PKCS7.","archived":false,"fork":false,"pushed_at":"2018-07-25T00:40:58.000Z","size":88,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-28T15:42:28.562Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://rightcert.rubyforge.org/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raphael.png","metadata":{"files":{"readme":"README.rdoc","changelog":null,"contributing":null,"funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2009-04-10T23:48:23.000Z","updated_at":"2019-08-13T14:17:01.000Z","dependencies_parsed_at":"2022-08-16T10:30:38.927Z","dependency_job_id":null,"html_url":"https://github.com/raphael/rightcert","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/raphael/rightcert","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphael%2Frightcert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphael%2Frightcert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphael%2Frightcert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphael%2Frightcert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raphael","download_url":"https://codeload.github.com/raphael/
rightcert/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphael%2Frightcert/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29795302,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T16:37:37.581Z","status":"ssl_error","status_checked_at":"2026-02-24T16:37:37.074Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-04T21:41:56.396Z","updated_at":"2026-02-24T18:39:07.249Z","avatar_url":"https://github.com/raphael.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"= RightCert\n\nSecure serialization using X.509 Certificates for digital signatures and encryption\n\n== Synopsis\n\nRightCert provides a *simple* way to create X.509 certificates and use them\nto sign and/or encrypt data. Signatures can later be verified and encrypted\ndata decrypted. RightCert also provides a secured serializer which can sign\nand optionally encrypt the serialized data. 
This serializer exposes the \nstandard 'dump' and 'load' methods and thus can be used in place of the\nother standard ruby serializers (Marshal, YAML, JSON etc.)\n\n== Installation\n\nThe latest stable RightCert release is available as a Ruby gem:\n  \n  sudo gem install rightcert\n\nThe latest source code is available on github:\n\n  git clone git://github.com/rightscale/rightcert.git\n\n== Usage\n\n=== Sign Data\n\nDigital signatures can be generated from any string as follows:\n\n  def sign(data)\n    # Certificate issuer distinguished name\n    issuer = RightCert::DistinguishedName.new({ \n      'C'  =\u003e 'US',\n      'ST' =\u003e 'California',\n      'L'  =\u003e 'Santa Barbara',\n      'O'  =\u003e 'MyOrganization',\n      'OU' =\u003e 'Certification Services',\n      'CN' =\u003e 'MyOrganization.com' })\n\n    # Certificate subject distinguished name\n    subject = RightCert::DistinguishedName.new({ \n      'C'  =\u003e 'US',\n      'ST' =\u003e 'California',\n      'L'  =\u003e 'Santa Barbara',\n      'O'  =\u003e 'RightScale',\n      'OU' =\u003e 'RightCert',\n      'CN' =\u003e 'RightCert example' })\n\n    # Create private key and certificate\n    key = RightCert::RsaKeyPair.new\n    cert = RightCert::Certificate.new(key, issuer, subject)\n\n    # Generate digital signature\n    RightCert::Signature.new(data, cert, key)\n  end\n\nThe signature can then be validated using:\n\n  def check_signature(signature, cert)\n    sig = Signature.from_data(signature)\n    sig.match?(cert)\n  end\n\n=== Encrypt Data\n\nSimilarly any string can be encrypted using:\n\n  def encrypt(data)\n    # Generate key and certificate as previously\n    # Then create encrypted document\n    doc = RightCert::EncryptedDocument.new(data, cert)\n    # Encrypted PEM encoded data can be retrieved with\n    doc.encrypted_data\n  end\n\nAnd decrypted with:\n\n  def decrypt(data, cert, key)\n    doc = EncryptedDocument.from_data(data)\n    doc.decrypted_data(key, cert)\n  end\n  \n=== Use 
Secure Serializer\n\nThe secure serializer uses certificates and corresponding private keys to sign\nand optionally encrypt the given payload.\n\nIt is important to understand that:\n1. A certificate only includes the public key component of a cryptographic key \n   pair.\n2. Signing requires the use of a certificate and its private key; checking the\n   signature then only requires the certificate (the idea is that only the\n   signer has the secret private key and thus can sign but anyone can check the \n   signature).\n3. Encrypting only requires the certificate but decrypting also requires the\n   private key (anyone can encrypt the data but only the intended recipient can\n   decrypt it).\n\nA signing serializer thus needs access to the signer certificate and private \nkey. An encrypting serializer *also* needs access to the intended recipients'\ncertificates. There needs to be a way to dynamically retrieve the corresponding\ncertificates. This is done using certificate stores.\n\nCertificate stores associate identities with certificates. The identity is \nassociated when the data is serialized and can be keyed off to retrieve the \nright certificate upon deserialization.\n\nRightCert provides a static store implementation which can be used when the \ncertificates used for serialization are always the same and can be kept in \nmemory. RightCert also provides a certificate store proxy cache which can be\nassociated with any store implementation and will cache the most used \ncertificates.\n\nThe serializer should be initialized prior to being used by calling the 'init'\nmethod:\n\n  # Initialize serializer, must be called prior to using it.\n  #\n  #  - 'identity':   Identity associated with serialized messages\n  #  - 'cert':       Certificate used to sign serialized messages and\n  #                  decrypt encrypted messages\n  #  - 'key':        Private key corresponding to 'cert'\n  #  - 'store':      Certificate store. 
Exposes certificates used for\n  #                  encryption and signature validation.\n  #  - 'encrypt':    Whether data should be signed and encrypted ('true')\n  #                  or just signed ('false'), 'true' by default.\n  #\n  def Serializer.init(identity, cert, key, store, encrypt = true)\n\nOnce initialized the serializer can be used the same way other serializers are:\n\n  data = RightCert::Serializer.dump(obj)\n  RightCert::Serializer.load(data).should eql(obj)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraphael%2Frightcert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraphael%2Frightcert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraphael%2Frightcert/lists"}