Project

General

Profile

Actions

Feature #4424

closed

[ext/openssl] Allow public/private key creation from arbitrary data

Added by MartinBosslet (Martin Bosslet) over 13 years ago. Updated over 13 years ago.

Status:
Closed
Target version:
[ruby-core:35330]

Description

=begin
There is a public funtion in PKey that allowed to read arbitrary
private keys from a file regardless of the actual key type, but it
was not exposed in Ruby, only in C.
In Ruby, the only way to instantiate public/private keys is by
calling initialize on the correct PKey subclass, implying that
you need to know what kind of key you're actually dealing with.
There are situations where the key type is not known in advance,
e.g. if a certificate SubjectPublicKeyInfo shall be turned into
a public key. In that case you only know that you're dealing with
a public key, but not necessarily with what kind of key. In
situations like these it would come in handy to have methods that
create a PKey instance regardless of the underlying data.

The attached patch provides this by adding two module functions to
PKey, read_public and read_private. They allow reading generic
public/private keys from a String or a File, optionally providing
a password in the case of encrypted PEM encodings. RDoc has also
been supplemented.

Please note that the included tests partly rely on the patches
proposed in

http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423

If those were applied, the combination with this patch would
provide consistent behavior among all three public key systems
supported in Ruby.

Regards,
Martin
=end


Files

pkey_from_data.tar.gz (1.89 KB) pkey_from_data.tar.gz MartinBosslet (Martin Bosslet), 02/22/2011 09:20 AM
pkey_from_data2.tar.gz (2 KB) pkey_from_data2.tar.gz MartinBosslet (Martin Bosslet), 05/12/2011 09:43 AM

Updated by MartinBosslet (Martin Bosslet) over 13 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)

Hi all,

I applied

http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423.

When again looking at this I realized that there is no
need for separating creation of public and private keys, one
method is actually all it takes (cf. attachment).
This feature would add

OpenSSL::PKey.read( file | string [, pwd] )

that allows to read arbitrary keys (private or public)
that are encoded in the generic X.509 format.

Two questions:

  1. Is it OK if I apply this?
  2. Is "read" OK w.r.t naming conventions? Or should I use
    initialize instead (as it is done for the sub-classes RSA,
    DSA and EC) or name it differently altogether?

Regards,
Martin

Actions #3

Updated by Anonymous over 13 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r32036.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • ext/openssl/ossl_pkey.c: added PKey.read module function that allow
    reading arbitrary public/private keys from DER-/PEM-encoded File or
    string instances.
  • ext/openssl/ossl_pkey_dh.c: improved documentation.
  • test/openssl/utils.rb: added EC test key.
  • test/openssl/test_pkey_rsa.rb
    test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from
    OpenSSL::TestUtils.
  • test/openssl/test_pkey_ec.rb: Created test file for EC tests.
    Test PKey.read.
    [Ruby 1.9 - Feature #4424] [ruby-core:35330]

Updated by MartinBosslet (Martin Bosslet) over 13 years ago

I added the PKey.read functionality as a new (backward-compatible) feature to the PKey module.

Regards,
Martin

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0