PKey::EC.public_key returns EC::Point
It appears that the EC subclass returns something isn't recognized as a public key (not a subclass of OpenSSL::PKey::PKey) when asked for its' public_key:
ext-ruby-2.4-ssl :040 > key = OpenSSL::PKey::EC.new('X25519') => # ext-ruby-2.4-ssl :041 > key.generate_key => # ext-ruby-2.4-ssl :042 > key.public_key => #>>>
The result can not be assigned as a certificate public key:
ext-ruby-2.4-ssl :043 > root_ca = OpenSSL::X509::Certificate.new => #, issuer=#, serial=#, not_before=nil, not_after=nil> ext-ruby-2.4-ssl :044 > root_ca.public_key = key.public_key TypeError: wrong argument (OpenSSL::PKey::EC::Point)! (Expected kind of OpenSSL::PKey::PKey)
which is how I understand the RSA and DSA objects work (see: https://github.com/augustl/ruby-openssl-cheat-sheet/blob/master/certificate_authority.rb )
ext-ruby-2.4-ssl :045 > root_ca.public_key = key => #>>
is just fine. However, later on, one runs into that:
NoMethodError: undefined method `private?' for #OpenSSL::PKey::EC:0x0000000453e388
which is more likely a bug in OpenSSL::X509::Certificate.
See #12324 for branch being used, also tested with 2.3.0, and using secp112r1 curve:
2.3.0 :026 > root_ca.sign(root_key, OpenSSL::Digest::SHA256.new) NoMethodError: undefined method `private?' for #
a simple monkey patch solved this issue, but reveals issues deeper in EVP which are unique to X25519.