Ruby open ssl api for encrypted key (no host option)

On a Linux machine with openssl lib installed, when you run "openssl pkcs12" with the "-nodes" option, you get output with an unencrypted private key, but if you skip the -nodes option, then the output will have an encrypted private key.

     e.g.
             openssl pkcs12 -in test.pfx -out test.pem 

You should see the private key encrypted as shown below

----- START ENCRYPTED PRIVATE KEY -----
MIIFDjBABgkqhkiGG7s =
----- END ENCRYPTED PRIVATE KEY -----

How can I use the above with the Ruby OpenSSL library?

This is how I create the private key with ruby:

    @private_key = OpenSSL::PKey::RSA.new 2048
    @private_key.to_pem.to_s

EDIT:

I think my question is how this command encrypts the private key:

openssl pkcs12 -in test.pfx -out test.pem

then:

"openssl pkcs12 -nodes -in test.pfx -out test.pem"

. ruby?

+6
1

- . , . , , PEM. , , 3 , ruby-docs.org:

$ cat ssl.rb 
require 'openssl'
key = OpenSSL::PKey::RSA.new 2048
cipher = OpenSSL::Cipher.new 'AES-128-CBC'
pass_phrase = 'my secure pass phrase goes here'
key_secure = key.export cipher, pass_phrase
puts key_secure

voila, :

$ ruby ssl.rb
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D8062F93C8854E593602D503E1FAC309

UsNQt/Bq7QBldOBU7NW6miCDuC+ODpeplaWQ9BvJW4Wg7j0AbKgMZAn7juegAbjG
JVkpdDNzhs37UVWmqwg64yYP6KEBGg4zCog2a993UHRvFTQb6tyugKHc+uFeyY+D
...
-----END RSA PRIVATE KEY-----

- , ?

-

EDIT: Asker , , openssl pkcs12, -nodes.

-nodes DES. , - DES, , DES. man pkcs12. , , openssl, .

ruby ​​ :

puts OpenSSL::Cipher.ciphers

( )

DES :

des
des-cbc
des-cfb
des-cfb1
des-cfb8
des-ecb
des-ede
des-ede-cbc
des-ede-cfb
des-ede-ofb
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-cfb1
des-ede3-cfb8
des-ede3-ofb
des-ofb
des3
desx
desx-cbc

, PKCS12 , DES- openssl . , DES- OpenSSL?

openssl wiki, DES CBC, , DES-EDE3-CBC.

, , , . , opensl , -nodes, , cat openssl asn1parse. , : rsa , :

$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpA....
-----END RSA PRIVATE KEY-----
$ cat key.pem | openssl asn1parse
    0:d=0  hl=4 l=1188 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER       ...

, ASN1 SEQUENCE .

pkcs12:

$ openssl pkcs12 -inkey key.pem -out key.pfx -export -nocerts -nodes
(choose a password)
$ openssl pkcs12 -in key.pfx -out outkey.pem -nodes
(enter password)

, , asn1parse:

$ cat outkey.pem | openssl asn1parse
    0:d=0  hl=4 l=1214 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption

ASN1 rsaEncryption .

, ? ASN1?

+1
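
The two private-key containers compared in the answers above, as an added Ruby example that is not part of the original posts: the traditional encrypted PEM produced by `key.export`, and the PKCS#8 "ENCRYPTED PRIVATE KEY" form. The helper names, pass phrase and the AES-256-CBC cipher are assumptions chosen for illustration, and `private_to_pem` / `private_to_der` assume the openssl gem 2.2 or newer (Ruby 3.0+).

```ruby
require 'openssl'

# Constructed sample values (assumptions, not taken from the page).
PASS_PHRASE = 'example pass phrase'
CIPHER_NAME = 'AES-256-CBC'

# Traditional "RSA PRIVATE KEY" PEM, encrypted via Proc-Type/DEK-Info headers.
def traditional_encrypted_pem(key, pass)
  key.export(OpenSSL::Cipher.new(CIPHER_NAME), pass)
end

# PKCS#8 "ENCRYPTED PRIVATE KEY" PEM: the whole key structure is wrapped
# and encrypted, so no cipher headers appear in the PEM text.
def pkcs8_encrypted_pem(key, pass)
  key.private_to_pem(OpenSSL::Cipher.new(CIPHER_NAME), pass)
end

# Read an unencrypted private-key DER the way the asn1parse output is read:
# PKCS#8 carries an AlgorithmIdentifier SEQUENCE as its second element,
# the traditional RSA encoding has the modulus INTEGER in that position.
def der_layout(der)
  second = OpenSSL::ASN1.decode(der).value[1]
  case second
  when OpenSSL::ASN1::Sequence then [:pkcs8, second.value[0].oid]
  when OpenSSL::ASN1::Integer  then [:traditional, nil]
  else [:unknown, nil]
  end
end

# True when the pass phrase decrypts the PEM; a wrong one raises PKeyError.
def unlocks?(pem, pass)
  OpenSSL::PKey.read(pem, pass)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  puts traditional_encrypted_pem(key, PASS_PHRASE).lines.first(3)
  puts pkcs8_encrypted_pem(key, PASS_PHRASE).lines.first
  p der_layout(key.to_der)          # traditional layout
  p der_layout(key.private_to_der)  # PKCS#8 layout with the RSA OID
end
```

`OpenSSL::PKey.read` accepts either container, so code that loads a key exported from a .pfx does not need to know which form it was written in.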
