Feature #4424


[ext/openssl] Allow public/private key creation from arbitrary data

Added by MartinBosslet (Martin Bosslet) almost 13 years ago. Updated over 12 years ago.

Target version:


There is a public funtion in PKey that allowed to read arbitrary
private keys from a file regardless of the actual key type, but it
was not exposed in Ruby, only in C.
In Ruby, the only way to instantiate public/private keys is by
calling initialize on the correct PKey subclass, implying that
you need to know what kind of key you're actually dealing with.
There are situations where the key type is not known in advance,
e.g. if a certificate SubjectPublicKeyInfo shall be turned into
a public key. In that case you only know that you're dealing with
a public key, but not necessarily with what kind of key. In
situations like these it would come in handy to have methods that
create a PKey instance regardless of the underlying data.

The attached patch provides this by adding two module functions to
PKey, read_public and read_private. They allow reading generic
public/private keys from a String or a File, optionally providing
a password in the case of encrypted PEM encodings. RDoc has also
been supplemented.

Please note that the included tests partly rely on the patches
proposed in, and

If those were applied, the combination with this patch would
provide consistent behavior among all three public key systems
supported in Ruby.



pkey_from_data.tar.gz (1.89 KB) pkey_from_data.tar.gz MartinBosslet (Martin Bosslet), 02/22/2011 09:20 AM
pkey_from_data2.tar.gz (2 KB) pkey_from_data2.tar.gz MartinBosslet (Martin Bosslet), 05/12/2011 09:43 AM

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)

Hi all,

I applied, and

When again looking at this I realized that there is no
need for separating creation of public and private keys, one
method is actually all it takes (cf. attachment).
This feature would add file | string [, pwd] )

that allows to read arbitrary keys (private or public)
that are encoded in the generic X.509 format.

Two questions:

  1. Is it OK if I apply this?
  2. Is "read" OK w.r.t naming conventions? Or should I use
    initialize instead (as it is done for the sub-classes RSA,
    DSA and EC) or name it differently altogether?


Actions #3

Updated by Anonymous over 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r32036.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

  • ext/openssl/ossl_pkey.c: added module function that allow
    reading arbitrary public/private keys from DER-/PEM-encoded File or
    string instances.
  • ext/openssl/ossl_pkey_dh.c: improved documentation.
  • test/openssl/utils.rb: added EC test key.
  • test/openssl/test_pkey_rsa.rb
    test/openssl/test_pkey_dsa.rb: Test Reuse keys from
  • test/openssl/test_pkey_ec.rb: Created test file for EC tests.
    [Ruby 1.9 - Feature #4424] [ruby-core:35330]

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

I added the functionality as a new (backward-compatible) feature to the PKey module.



Also available in: Atom PDF