使用Ruby OpenSSL库时无效的公共密钥 [英] Invalid public keys when using the Ruby OpenSSL library
问题描述
我想在Ruby中生成RSA密钥对,主要使用此博文。这是我稍微修改的代码:
I'm trying to generate RSA keypairs in Ruby, mostly using the examples from this blog post. Here is my slightly modified code:
def generate_keypair(passphrase)
rsa_key = OpenSSL::PKey::RSA.new(2048)
cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
private_key = rsa_key.to_pem(cipher, passphrase)
public_key = rsa_key.public_key.to_pem
return private_key, public_key
end
键和公共密钥,我可以将它们写入文件系统上的文件。
This successfully generates a private key and a public key, and I can write those out to files on the filesystem.
irb(main):002:0> private_key1, public_key1 = generate_keypair('test')
[...output of keys...]
irb(main):003:0> File.open("key.pem","w") {|f| f.write(private_key1) }
=> 1766
irb(main):004:0> File.open("pubkey.pem","w") {|f| f.write(public_key1) }
=> 426
但是,当我尝试使用这个公钥时,OpenSSL抱怨:
However, OpenSSL complains when I try to use this public key:
$ openssl rsautl -encrypt -inkey pubkey.pem -pubin -in text.txt -out text.ssl
unable to load Public Key
如果我使用 openssl 键,然后一切正常:
If I use the openssl tool to extract the public key from the private key then everything works:
$ openssl rsa -in key.pem -pubout -out pubkey2.pem
Enter pass phrase for key.pem:
writing RSA key
$ openssl rsautl -encrypt -inkey pubkey2.pem -pubin -in text.txt -out text.ssl
$ openssl rsautl -decrypt -inkey key.pem -in text.ssl
Enter pass phrase for key.pem:
this is a
file that
needs to be
encrypted
Ruby OpenSSL库产生的公共密钥不同于 openssl cli工具从私钥中提取:
The public key that the Ruby OpenSSL library produced is different from the public key that the openssl cli tool extracted from the private key:
$ cat pubkey.pem
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzgNcsEL7yGBoLBYBXFYrDL6oLP8ZbW9+VwdoXyNG6Qt/NEhEx4Ww
5yOxtXAbqeUwyvbTUxRrJ02dQcb4FGcSMDgz2QHIZyCuDJkgC9Wj7KI1Q7g0GV+7
DcZvLcwPZOhLXqUzlcZXjDWM1PZ+az734qEribgyI+87LB8TujG8v5iOvdzT/Je4
JAllToZVGC3RddfTc6ww37gB39B++FYNzPg+nrIEU45KgEWPo2eJxBpX29lACh6q
EEBCQr9xyLxOC2eomYIl3dG2dV7nGGH7Pur2HjppgJphBvNkwxIWUa/pD6hAnOQ4
MkDDFGwWv7eJLb4UZuZjafTbqokHved3bwIDAQAB
-----END RSA PUBLIC KEY-----
$ cat pubkey2.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgNcsEL7yGBoLBYBXFYr
DL6oLP8ZbW9+VwdoXyNG6Qt/NEhEx4Ww5yOxtXAbqeUwyvbTUxRrJ02dQcb4FGcS
MDgz2QHIZyCuDJkgC9Wj7KI1Q7g0GV+7DcZvLcwPZOhLXqUzlcZXjDWM1PZ+az73
4qEribgyI+87LB8TujG8v5iOvdzT/Je4JAllToZVGC3RddfTc6ww37gB39B++FYN
zPg+nrIEU45KgEWPo2eJxBpX29lACh6qEEBCQr9xyLxOC2eomYIl3dG2dV7nGGH7
Pur2HjppgJphBvNkwxIWUa/pD6hAnOQ4MkDDFGwWv7eJLb4UZuZjafTbqokHved3
bwIDAQAB
-----END PUBLIC KEY-----
我不太确定这里发生了什么,但似乎Ruby OpenSSL库产生一个无效的公钥pem文件。我做错了什么?
I'm not quite sure what is going on here, but it seems as if the Ruby OpenSSL library is producing an invalid public key pem file. Am I doing something wrong?
推荐答案
似乎OSSL不支持这种格式。 openssl rsa生成的是一个RSA_PUBKEY结构:一个PUBKEY记录,它被ASN.1-标记(带有OID)以指示它是一个RSA密钥。 Ruby生成的是一个原始RSA密钥(其中字节不表示它是RSA;因此您必须在PEM头中声明)。
It seems that OSSL doesn't support that format. What "openssl rsa" generates is an RSA_PUBKEY structure: a PUBKEY record which is ASN.1-"tagged" (with an OID) to indicate that it's an RSA key. What Ruby generates is a "raw" RSA key (where the bytes don't indicate that it is RSA; so you have to declare that in the PEM header).
OSSL应使用像PEM_write_bio_RSA_PUBKEY(或通用PEM_write_bio_PUBKEY)之类的API函数,而不是PEM_write_bio_RSAPublicKey。
OSSL should use an API function like PEM_write_bio_RSA_PUBKEY (or the generic PEM_write_bio_PUBKEY), instead of/in addition to PEM_write_bio_RSAPublicKey.
这篇关于使用Ruby OpenSSL库时无效的公共密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
