Feature #4424

[ext/openssl] Allow public/private key creation from arbitrary data

Added by Martin Bosslet about 3 years ago. Updated almost 3 years ago.

[ruby-core:35330]
Status: Closed
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version: 1.9.3

Description

=begin
There is a public function in PKey that allowed reading arbitrary
private keys from a file regardless of the actual key type, but it
was not exposed in Ruby, only in C.
In Ruby, the only way to instantiate public/private keys is by
calling initialize on the correct PKey subclass, implying that
you need to know what kind of key you're actually dealing with.
There are situations where the key type is not known in advance,
e.g. if a certificate SubjectPublicKeyInfo shall be turned into
a public key. In that case you only know that you're dealing with
a public key, but not necessarily with what kind of key. In
situations like these it would come in handy to have methods that
create a PKey instance regardless of the underlying data.

The attached patch provides this by adding two module functions to
PKey, readpublic and readprivate. They allow reading generic
public/private keys from a String or a File, optionally providing
a password in the case of encrypted PEM encodings. RDoc has also
been supplemented.

Please note that the included tests partly rely on the patches
proposed in

http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423

If those were applied, the combination with this patch would
provide consistent behavior among all three public key systems
supported in Ruby.

Regards,
Martin
=end

pkey_from_data.tar.gz (1.89 KB) Martin Bosslet, 02/22/2011 09:20 AM

pkey_from_data2.tar.gz (2 KB) Martin Bosslet, 05/12/2011 09:43 AM

Associated revisions

Revision 32036
Added by emboss almost 3 years ago

  • ext/openssl/ossl_pkey.c: added PKey.read module function that allows reading arbitrary public/private keys from DER-/PEM-encoded File or string instances.
  • ext/openssl/ossl_pkey_dh.c: improved documentation.
  • test/openssl/utils.rb: added EC test key.
  • test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from OpenSSL::TestUtils.
  • test/openssl/test_pkey_ec.rb: Created test file for EC tests. Test PKey.read. [Ruby 1.9 - Feature #4424]

History

#1 Updated by Martin Bosslet almost 3 years ago

  • Status changed from Open to Assigned
  • Assignee set to Martin Bosslet

Hi all,

I applied

http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423.

When again looking at this I realized that there is no
need for separating creation of public and private keys, one
method is actually all it takes (cf. attachment).
This feature would add

OpenSSL::PKey.read( file | string [, pwd] )

that allows reading arbitrary keys (private or public)
that are encoded in the generic X.509 format.

Two questions:

1) Is it OK if I apply this?
2) Is "read" OK w.r.t naming conventions? Or should I use
initialize instead (as it is done for the sub-classes RSA,
DSA and EC) or name it differently altogether?

Regards,
Martin

#3 Updated by Anonymous almost 3 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r32036.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.



#4 Updated by Martin Bosslet almost 3 years ago

I added the PKey.read functionality as a new (backward-compatible) feature to the PKey module.

Regards,
Martin
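
Added example, not part of the issue or the attached patch: because OpenSSL::PKey.read returns whichever PKey subclass the data decodes to, a caller that accepts key material of unknown type should check the result against a policy before using it. The function name load_untrusted_key, the policy constants and the sample password are assumptions made for this example, and public_to_der / private_to_pem come from later versions of the openssl extension than the one this issue targets.

```ruby
require "openssl"

# Policy values are assumptions for this example, not taken from the issue.
MIN_RSA_BITS   = 2048
ALLOWED_CURVES = %w[prime256v1 secp384r1].freeze

# Parse PEM or DER key material of unknown type with OpenSSL::PKey.read,
# then apply an allow-list before the key is used anywhere.
# Returns a description hash; raises ArgumentError on anything rejected.
def load_untrusted_key(data, password = nil, allow_private: false)
  key = begin
    OpenSSL::PKey.read(data, password)
  rescue OpenSSL::PKey::PKeyError => e
    raise ArgumentError, "unparsable key material (#{e.message})"
  end

  algo = case key
         when OpenSSL::PKey::RSA
           bits = key.n.num_bits
           raise ArgumentError, "RSA modulus of #{bits} bits is too short" if bits < MIN_RSA_BITS
           "RSA-#{bits}"
         when OpenSSL::PKey::EC
           curve = key.group.curve_name
           raise ArgumentError, "curve #{curve} is not allowed" unless ALLOWED_CURVES.include?(curve)
           "EC-#{curve}"
         else
           raise ArgumentError, "key type #{key.class} is not allowed"
         end

  # A private key arriving where only a public key is expected is rejected.
  is_private = key.respond_to?(:private?) && key.private?
  raise ArgumentError, "private key supplied where a public key is expected" if is_private && !allow_private

  { key: key, algorithm: algo, private: is_private }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: freshly generated keys, different types and encodings.
  ec  = OpenSSL::PKey::EC.generate("prime256v1")
  rsa = OpenSSL::PKey::RSA.new(2048)
  enc = rsa.private_to_pem(OpenSSL::Cipher.new("aes-256-cbc"), "example-pass")
  p load_untrusted_key(ec.public_to_der).slice(:algorithm, :private)
  p load_untrusted_key(enc, "example-pass", allow_private: true).slice(:algorithm, :private)
end
```

When the input may be an encrypted PEM, pass the password explicitly; without one, OpenSSL's default passphrase callback may try to prompt on the terminal.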
