Claves públicas no válidas al usar la biblioteca Ruby OpenSSL

I'm trying to generate RSA keypairs in Ruby, mostly using the examples from esta entrada del blog. Here is my slightly modified code:

def generate_keypair(passphrase)
   rsa_key =
   cipher ='aes-256-cbc')
   private_key = rsa_key.to_pem(cipher, passphrase)
   public_key = rsa_key.public_key.to_pem
   return private_key, public_key

This successfully generates a private key and a public key, and I can write those out to files on the filesystem.

irb(main):002:0> private_key1, public_key1 = generate_keypair('test')
[...output of keys...]
irb(main):003:0>"key.pem","w") {|f| f.write(private_key1) }
=> 1766
irb(main):004:0>"pubkey.pem","w") {|f| f.write(public_key1) }
=> 426

However, OpenSSL complains when I try to use this public key:

$ openssl rsautl -encrypt -inkey pubkey.pem -pubin -in text.txt -out text.ssl
unable to load Public Key

Si uso el openssl tool to extract the public key from the private key then everything works:

$ openssl rsa -in key.pem -pubout -out pubkey2.pem
Enter pass phrase for key.pem:
writing RSA key
$ openssl rsautl -encrypt -inkey pubkey2.pem -pubin -in text.txt -out text.ssl
$ openssl rsautl -decrypt -inkey key.pem -in text.ssl 
Enter pass phrase for key.pem:
this is a 
file that
needs to be

The public key that the Ruby OpenSSL library produced is different from the public key that the openssl cli tool extracted from the private key:

$ cat pubkey.pem 

$ cat pubkey2.pem 
-----END PUBLIC KEY-----

I'm not quite sure what is going on here, but it seems as if the Ruby OpenSSL library is producing an invalid public key pem file. Am I doing something wrong?

preguntado el 08 de enero de 11 a las 19:01

See the answer to my own similar question at -

Ver también Use OpenSSL RSA key with .Net. It discusses how to use OpenSSL to save a key with both PKCS and Traditional encodings (BEGIN RSA PUBLIC KEY frente a BEGIN PUBLIC KEY). -

1 Respuestas

It seems that OSSL doesn't support that format. What "openssl rsa" generates is an RSA_PUBKEY structure: a PUBKEY record which is ASN.1-"tagged" (with an OID) to indicate that it's an RSA key. What Ruby generates is a "raw" RSA key (where the bytes don't indicate that it is RSA; so you have to declare that in the PEM header).

OSSL should use an API function like PEM_write_bio_RSA_PUBKEY (or the generic PEM_write_bio_PUBKEY), instead of/in addition to PEM_write_bio_RSAPublicKey.

Respondido el 08 de enero de 11 a las 23:01

Thanks, that's very helpful. I've been looking around for documentation about ways to add this information to the PEM header, but haven't found anything. Do you have any recommendations? I'd prefer to avoid having to shell out to openssl, but could as a last resort. - corywright

@corywright: Report this bug to OSSL. If you can, produce a patch that offers an alternative way to encode the public key. In principle, it would be possible to convert the two forms in pure Ruby, but you'll have to be an expert on ASN.1 DER to do that. - Martin contra Löwis

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.