Opening an RSA private key from Ruby


Solution 1

I've made some progress on this. If I use the Net::SSH library, I can do this:

Net::SSH::KeyFactory.load_private_key 'keyfile', 'passphrase'

By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've done so many tests that somehow I didn't test this correctly before.

But I still have the issue of creating an SSH-compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part

Solution 2

According to the blog post here:

http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

You can simply do:

OpenSSL::PKey::RSA.new(File.read('private_key'), 'passphrase')

Best of luck.

Author: Ivan
Programmer since 1995. Happy Railer for the past 9+ years.

Updated on June 22, 2022

Comments

  • Ivan (almost 2 years ago)

    I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?

    I know I can do this:

    OpenSSL::PKey::RSA.new(File.read('private_key'))
    

    But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?

    And, how can I create one compatible with the ones generated by ssh-keygen?

    I do something like this to create private encrypted keys:

    require 'openssl'
    require 'digest'

    pass = '123456'
    key = OpenSSL::PKey::RSA.new(1024)
    # Prefix the raw DER with 16 filler bytes (the poster's own scheme, not a standard key format)
    key = "0000000000000000#{key.to_der}"
    c = OpenSSL::Cipher.new('aes-256-cbc')   # OpenSSL::Cipher::Cipher is the deprecated alias
    c.encrypt
    # SHA-1 hex digest is 40 hex chars = 20 bytes; unpacking 32 pairs pads the AES-256 key with 12 zero bytes
    c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
    iv = c.random_iv   # `iv` was undefined in the original; the IV must be stored alongside the ciphertext
    encrypted_key = c.update(key)
    encrypted_key << c.final
    

    Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption) don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to login).

    Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?

    I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?
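The following Ruby script is an added example, not code from the question or either answer. It covers both the load call from Solution 2 and the three things the question asks about: it lets OpenSSL itself produce the passphrase-protected PEM (RSA#export with a cipher and passphrase, instead of hand-rolled AES over the DER), loads it back with the passphrase as the second argument so there is no terminal prompt and shows a wrong passphrase being rejected, exposes the PEM armor and Proc-Type/DEK-Info header lines that are the "additional characters" around the key, and builds the "ssh-rsa ..." authorized_keys line from e and n, which is the form sshd needs for password-less login. The passphrase, comment and message are constructed sample values. One caveat: this PEM matches what ssh-keygen writes with -m PEM; OpenSSH's newer default "OPENSSH PRIVATE KEY" format is not something OpenSSL::PKey can parse.

```ruby
require 'openssl'

# Constructed sample passphrase; in practice take it from a prompt, env var or secret store.
PASSPHRASE = 'correct horse battery staple'

# Generate an RSA key and export it as a passphrase-protected PEM body.
# RSA#export(cipher, passphrase) writes the traditional PEM form: the base64 key
# sits inside -----BEGIN RSA PRIVATE KEY----- armor with Proc-Type/DEK-Info
# headers. OpenSSL derives the AES key from the passphrase and records the IV
# in the DEK-Info header, so nothing has to be bolted on by hand.
def generate_encrypted_pem(bits = 2048, passphrase = PASSPHRASE)
  key = OpenSSL::PKey::RSA.new(bits)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  [key, key.export(cipher, passphrase)]
end

# Passing the passphrase as the second argument is what stops OpenSSL from
# prompting on the terminal. A wrong passphrase raises OpenSSL::PKey::PKeyError
# (RSAError is a subclass); nil is returned so callers can tell "bad passphrase"
# from a programming error.
def load_private_key(pem, passphrase)
  OpenSSL::PKey::RSA.new(pem, passphrase)
rescue OpenSSL::PKey::PKeyError
  nil
end

# The lines around the base64 body are armor and headers, not key material.
def pem_header_lines(pem)
  pem.lines.map(&:chomp).grep(/\A(-----|Proc-Type|DEK-Info)/)
end

# OpenSSH's public key line ("ssh-rsa <base64> comment") is not the PEM public
# key OpenSSL writes. The blob is three length-prefixed fields: the string
# "ssh-rsa", then e and n as mpints (big-endian, leading zero byte if the top
# bit is set). This is the line that goes into ~/.ssh/authorized_keys.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

def ssh_mpint(bn)
  bytes = bn.to_s(2)
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  ssh_string(bytes)
end

def openssh_public_line(key, comment = 'ruby-generated')
  blob = ssh_string('ssh-rsa'.b) + ssh_mpint(key.e) + ssh_mpint(key.n)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Full round trip: export encrypted, load back with the right and a wrong
# passphrase, and prove the loaded key signs something the original verifies.
def round_trip(passphrase = PASSPHRASE)
  key, pem = generate_encrypted_pem(2048, passphrase)
  loaded = load_private_key(pem, passphrase)
  return nil unless loaded
  msg = 'constructed message'
  sig = loaded.sign('SHA256', msg)
  {
    header_lines: pem_header_lines(pem),
    same_modulus: loaded.n == key.n,
    verifies: key.public_key.verify('SHA256', sig, msg),
    wrong_pass_rejected: load_private_key(pem, 'not the passphrase').nil?,
    authorized_keys_line: openssh_public_line(loaded)
  }
end

if __FILE__ == $0
  r = round_trip
  puts r[:header_lines]
  puts r[:authorized_keys_line]
end
```

Running the script prints the armor/header lines of the encrypted PEM followed by the authorized_keys line; the blob for a default exponent of 65537 always begins with AAAAB3NzaC1yc2EAAAADAQAB, which is why every RSA authorized_keys entry starts the same way.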