Feature #4424
closed
[ext/openssl] Allow public/private key creation from arbitrary data
Description
=begin
There is a public funtion in PKey that allowed to read arbitrary
private keys from a file regardless of the actual key type, but it
was not exposed in Ruby, only in C.
In Ruby, the only way to instantiate public/private keys is by
calling initialize on the correct PKey subclass, implying that
you need to know what kind of key you're actually dealing with.
There are situations where the key type is not known in advance,
e.g. if a certificate SubjectPublicKeyInfo shall be turned into
a public key. In that case you only know that you're dealing with
a public key, but not necessarily with what kind of key. In
situations like these it would come in handy to have methods that
create a PKey instance regardless of the underlying data.
The attached patch provides this by adding two module functions to
PKey, read_public and read_private. They allow reading generic
public/private keys from a String or a File, optionally providing
a password in the case of encrypted PEM encodings. RDoc has also
been supplemented.
Please note that the included tests partly rely on the patches
proposed in
http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423
If those were applied, the combination with this patch would
provide consistent behavior among all three public key systems
supported in Ruby.
Regards,
Martin
=end
Files
Updated by MartinBosslet (Martin Bosslet) almost 13 years ago
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
Hi all,
I applied
http://redmine.ruby-lang.org/issues/show/4421,
http://redmine.ruby-lang.org/issues/show/4422 and
http://redmine.ruby-lang.org/issues/show/4423.
When again looking at this I realized that there is no
need for separating creation of public and private keys, one
method is actually all it takes (cf. attachment).
This feature would add
OpenSSL::PKey.read( file | string [, pwd] )
that allows to read arbitrary keys (private or public)
that are encoded in the generic X.509 format.
Two questions:
- Is it OK if I apply this?
- Is "read" OK w.r.t naming conventions? Or should I use
initialize instead (as it is done for the sub-classes RSA,
DSA and EC) or name it differently altogether?
Regards,
Martin
Updated by MartinBosslet (Martin Bosslet) almost 13 years ago
- File pkey_from_data2.tar.gz pkey_from_data2.tar.gz added
Updated by Anonymous almost 13 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r32036.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- ext/openssl/ossl_pkey.c: added PKey.read module function that allow
reading arbitrary public/private keys from DER-/PEM-encoded File or
string instances. - ext/openssl/ossl_pkey_dh.c: improved documentation.
- test/openssl/utils.rb: added EC test key.
- test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from
OpenSSL::TestUtils. - test/openssl/test_pkey_ec.rb: Created test file for EC tests.
Test PKey.read.
[Ruby 1.9 - Feature #4424] [ruby-core:35330]
Updated by MartinBosslet (Martin Bosslet) almost 13 years ago
I added the PKey.read functionality as a new (backward-compatible) feature to the PKey module.
Regards,
Martin