Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
741 views
in Technique[技术] by (71.8m points)

openssl - Load PKCS#8 binary key into Ruby

I'm trying to load a particular private key encoded in binary DER format (PKCS#8) into Ruby.

However, OpenSSL::PKey won't recognize it. I can make it work by doing some console work and transforming it into a PEM like so:

openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem

After this, the key can correctly be read.

However, since I would like for the whole process to be done in memory instead of writing and reading files.

So my question is: Is it possible to load private keys from the binary encoded DER format into Ruby/OpenSSL?

Thank you for your time,

Fernando

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Yes, you can indirectly load PKCS#8 DER-encoded private keys using Ruby OpenSSL.

OpenSSL::PKey::RSA.new will only handle PEM-formatted PKCS#8, but it is easy to read the binary DER and convert it to a PEM-formatted string and then load from the string.

For example, with these DER-encoded private keys:

$ openssl genrsa | openssl pkcs8 -topk8 -outform DER 
    -nocrypt -out pkcs8.key
$ openssl genrsa | openssl pkcs8 -topk8 -outform DER 
    -v2 des3 -passout pass:secret -out pkcs8_des3.key

You can do something like this:

require 'openssl'
require 'base64'

def box(tag, lines)
  lines.unshift "-----BEGIN #{tag}-----"
  lines.push "-----END #{tag}-----"
  lines.join("
")
end

def der_to_pem(tag, der)
  box tag, Base64.strict_encode64(der).scan(/.{1,64}/)
end

pem = der_to_pem('PRIVATE KEY', File.read('pkcs8.key'))
key = OpenSSL::PKey::RSA.new(pem)

pem2 = der_to_pem('ENCRYPTED PRIVATE KEY', File.read('pkcs8_des3.key'))
key2 = OpenSSL::PKey::RSA.new(pem2, 'secret')

Read the DER bytes, Base64 them and put the PEM tags on top and bottom, and then load the key.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...