1. 技术文章
  2. Opening an RSA private key from Ruby

Opening an RSA private key from Ruby

自古美人都是妖i 提交于 2019-12-22 05:09:08

问题


I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?

I know I can do this:

OpenSSL::PKey::RSA.new(File.read('private_key'))

But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?

And, how can I create one compatible to the ones generated by ssh-keygen?

I do something like this to create private encrypted keys:

pass = '123456'
key = OpenSSL::PKey::RSA.new(1024)
key = "0000000000000000#{key.to_der}"
c = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
c.encrypt
c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
c.iv = iv
encrypted_key = c.update(key)
encrypted_key << c.final

Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption), don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to login).

Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?

I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?


回答1:


According to the blog post here:

http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

You can simply do:

OpenSSL::PKey::RSA.new(File.read('private_key'), 'passphrase')

Best of luck.




回答2:


I've made some progress on this. If I use the Net::SSH library, I can do this:

Net::SSH::KeyFactory.load_private_key 'keyfile', 'passphrase'

By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've made so much tests that somehow I didn't test this correctly before.

But I still have the issue of creating an SSH compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part



来源:https://stackoverflow.com/questions/235759/opening-an-rsa-private-key-from-ruby

标签
ruby
encryption
OpenSSL
encryption-asymmetric
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!