Opening an RSA private key from Ruby
Question
I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?
OpenSSL::PKey::RSA.new(File.read('private_key'))
But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?
And, how can I create one compatible with the ones generated by ssh-keygen?
I do something like this to create private encrypted keys:
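require 'openssl'
require 'digest'

pass = '123456'
key = OpenSSL::PKey::RSA.new(1024)
# 16 filler bytes are prepended ahead of the DER-encoded key
key = "0000000000000000#{key.to_der}"
# OpenSSL::Cipher::Cipher is deprecated; OpenSSL::Cipher.new is the current form
c = OpenSSL::Cipher.new('aes-256-cbc')
c.encrypt
# Key bytes: the 20-byte SHA-1 of the passphrase, zero-padded to 32 bytes
c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
# iv was not defined in the original snippet; a random 16-byte IV is assumed here
iv = OpenSSL::Random.random_bytes(16)
c.iv = iv
encrypted_key = c.update(key)
encrypted_key << c.final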
Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption) don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to log in).
Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?
I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?
Recommended answer
I've made some progress on this. If I use the Net::SSH library, I can do this:
Net::SSH::KeyFactory.load_private_key 'keyfile', 'passphrase'
By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've made so many tests that somehow I didn't test this correctly before.
But I still have the issue of creating an SSH compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part.