Feature #12354
openPKey::EC Can't output public key pem when private key exists
Description
Steps to reproduce:
Create EC key:
key = OpenSSL::PKey::EC.new("prime256v1")
key.generate_key
Try and output in pem format
key.to_pem #Outputs private key pem
key.public_key.to_pem #Error
In order to output a public key pem, a new key object must be created with no private key:
key_pub = OpenSSL::PKey::EC.new(key.group)
key_pub.public_key = key.public_key
Output pem
key_pub.to_pem #Success!
From viewing the source, http://rxr.whitequark.org/mri/source/ext/openssl/ossl_pkey_ec.c#466 it seems that if the key is private there is no way to output a public key for that key object
Updated by hsbt (Hiroshi SHIBATA) almost 5 years ago
- Assignee set to rhenium (Kazuki Yamaguchi)
- Status changed from Open to Assigned
- Description updated (diff)
Updated by jeremyevans0 (Jeremy Evans) over 1 year ago
- Backport deleted (
2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN) - ruby -v deleted (
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]) - Tracker changed from Bug to Feature
The following is a way to generate a PEM for a OpenSSL::PKey::EC
with both a private and a public key without allocating a new OpenSSL::PKey::EC
:
pk = key.private_key key.private_key = nil key.to_pem key.private_key = key
I agree that this approach is suboptimal, and it may be worthwhile to add a method for this, or a keyword argument to to_pem
. However, that is a request for a new feature, not a bug fix.
I checked and OpenSSL::PKey::RSA
doesn't have the same issue because OpenSSL::PKey::RSA#public_key
returns OpenSSL::PKey::RSA
(OpenSSL::PKey::EC
returns OpenSSL::PKey::EC::Point
). However, it still requires allocating a new OpenSSL::PKey::RSA
object.