Generate X.509 certificate/request/CRL with elliptic curve keys
Elliptic curve keys (
OpenSSL::PKey::EC) cannot currently be used with the X.509 classes in Ruby OpenSSL. This is due to a few slight incompatibilities between the way RSA/DSA are implemented and the way EC is implemented.
OpenSSL::PKey::ECdoes not respond to
#private?which is used by the
OpenSSL::PKey::EC::Pointinstead of a
OpenSSL::PKey::ECobject with just public key fields
This patch adds an alias for
OpenSSL::PKey::EC that correspond to
#private_key?. This brings it in line with the same interface on
OpenSSL::PKey::DSA. This also allows the key to be used with the X.509 classes I mentioned.
The second issue is unfortunately more complex as it does not look like it is possible to fix without either breaking backwards compatibility or putting some branching deeper in
OpenSSL::X509::CRL. The good news is you can pass the private
OpenSSL::PKey::EC key to
#public_key= and it still does the right thing.