Class: OpenSSL::PKey::RSA
- Defined in:
- ext/openssl/ossl_pkey_rsa.c,
ext/openssl/ossl_pkey_rsa.c
Overview
RSA is an asymmetric public key algorithm that has been formalized in RFC 3447. It is in widespread use in public key infrastuctures (PKI) where certificates (cf. OpenSSL::X509::Certificate) often are issued on the basis of a public/private RSA key pair. RSA is used in a wide field of applications such as secure (symmetric) key exchange, e.g. when establishing a secure TLS/SSL connection. It is also used in various digital signature schemes.
Class Method Summary collapse
-
.generate(*args) ⇒ Object
Generates an RSA keypair.
Instance Method Summary collapse
-
#export(*args) ⇒ Object
(also: #to_pem, #to_s)
Outputs this keypair in PEM encoding.
-
#initialize(*args) ⇒ Object
constructor
Generates or loads an RSA keypair.
-
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
-
#private? ⇒ Boolean
Does this keypair contain a private key?.
-
#private_decrypt(*args) ⇒ Object
Decrypt
string
, which has been encrypted with the public key, with the private key. -
#private_encrypt(*args) ⇒ Object
Encrypt
string
with the private key. -
#public? ⇒ true
The return value is always true since every private key is also a public key.
-
#public_decrypt(*args) ⇒ Object
Decrypt
string
, which has been encrypted with the private key, with the public key. -
#public_encrypt(*args) ⇒ Object
Encrypt
string
with the public key. -
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
-
#set_crt_params(dmp1, dmq1, iqmp) ⇒ self
Sets
dmp1
,dmq1
,iqmp
for the RSA instance. -
#set_factors(p, q) ⇒ self
Sets
p
,q
for the RSA instance. -
#set_key(n, e, d) ⇒ self
Sets
n
,e
,d
for the RSA instance. -
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
-
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
Methods inherited from PKey
Constructor Details
#new(key_size) ⇒ Object #new(encoded_key) ⇒ Object #new(encoded_key, pass_phrase) ⇒ Object
Generates or loads an RSA keypair. If an integer key_size
is given it represents the desired key size. Keys less than 1024 bits should be considered insecure.
A key can instead be loaded from an encoded_key
which must be PEM or DER encoded. A pass_phrase
can be used to decrypt the key. If none is given OpenSSL will prompt for the pass phrase.
Examples
OpenSSL::PKey::RSA.new 2048
OpenSSL::PKey::RSA.new File.read 'rsa.pem'
OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my pass phrase'
220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 220
static VALUE
ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
BIO *in;
VALUE arg, pass;
GetPKey(self, pkey);
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
rsa = RSA_new();
}
else if (RB_INTEGER_TYPE_P(arg)) {
rsa = rsa_generate(NUM2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass));
if (!rsa) ossl_raise(eRSAError, NULL);
}
else {
pass = ossl_pem_passwd_value(pass);
arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(arg);
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPrivateKey_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSA_PUBKEY_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPublicKey_bio(in, NULL);
}
BIO_free(in);
if (!rsa) {
ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
}
}
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return self;
}
|
Class Method Details
.generate(size) ⇒ Object .generate(size, exponent) ⇒ Object
Generates an RSA keypair. size
is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. exponent
is an odd number normally 3, 17, or 65537.
179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 179
static VALUE
ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass)
{
/* why does this method exist? why can't initialize take an optional exponent? */
RSA *rsa;
VALUE size, exp;
VALUE obj;
rb_scan_args(argc, argv, "11", &size, &exp);
rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */
obj = rsa_instance(klass, rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
Instance Method Details
#export([cipher, pass_phrase]) ⇒ PEM-format String #to_pem([cipher, pass_phrase]) ⇒ PEM-format String #to_s([cipher, pass_phrase]) ⇒ PEM-format String Also known as: to_pem, to_s
Outputs this keypair in PEM encoding. If cipher
and pass_phrase
are given they will be used to encrypt the key. cipher
must be an OpenSSL::Cipher instance.
340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 340
static VALUE
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
BIO *out;
const EVP_CIPHER *ciph = NULL;
VALUE cipher, pass, str;
GetRSA(self, rsa);
rb_scan_args(argc, argv, "02", &cipher, &pass);
if (!NIL_P(cipher)) {
ciph = GetCipherPtr(cipher);
pass = ossl_pem_passwd_value(pass);
}
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
if (RSA_HAS_PRIVATE(rsa)) {
if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0,
ossl_pem_passwd_cb, (void *)pass)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
} else {
if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
}
str = ossl_membio2str(out);
return str;
}
|
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Stores all parameters of key to the hash. The hash has keys ‘n’, ‘e’, ‘d’, ‘p’, ‘q’, ‘dmp1’, ‘dmq1’, ‘iqmp’.
Don’t use :-)) (It’s up to you)
550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 550
static VALUE
ossl_rsa_get_params(VALUE self)
{
RSA *rsa;
VALUE hash;
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
GetRSA(self, rsa);
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(n));
rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(e));
rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(d));
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(dmp1));
rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(dmq1));
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(iqmp));
return hash;
}
|
#private? ⇒ Boolean
Does this keypair contain a private key?
320 321 322 323 324 325 326 327 328 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 320
static VALUE
ossl_rsa_is_private(VALUE self)
{
RSA *rsa;
GetRSA(self, rsa);
return RSA_PRIVATE(self, rsa) ? Qtrue : Qfalse;
}
|
#private_decrypt(string) ⇒ String #private_decrypt(string, padding) ⇒ String
Decrypt string
, which has been encrypted with the public key, with the private key. padding
defaults to PKCS1_PADDING.
513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 513
static VALUE
ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
if (!RSA_PRIVATE(self, rsa))
ossl_raise(eRSAError, "private key needed.");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#private_encrypt(string) ⇒ String #private_encrypt(string, padding) ⇒ String
Encrypt string
with the private key. padding
defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #public_decrypt.
479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 479
static VALUE
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
if (!RSA_PRIVATE(self, rsa))
ossl_raise(eRSAError, "private key needed.");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public? ⇒ true
The return value is always true since every private key is also a public key.
301 302 303 304 305 306 307 308 309 310 311 312 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 301
static VALUE
ossl_rsa_is_public(VALUE self)
{
RSA *rsa;
GetRSA(self, rsa);
/*
* This method should check for n and e. BUG.
*/
(void)rsa;
return Qtrue;
}
|
#public_decrypt(string) ⇒ String #public_decrypt(string, padding) ⇒ String
Decrypt string
, which has been encrypted with the private key, with the public key. padding
defaults to PKCS1_PADDING.
447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 447
static VALUE
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_encrypt(string) ⇒ String #public_encrypt(string, padding) ⇒ String
Encrypt string
with the public key. padding
defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #private_decrypt.
415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 415
static VALUE
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
{
RSA *rsa;
const BIGNUM *rsa_n;
int buf_len, pad;
VALUE str, buffer, padding;
GetRSA(self, rsa);
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
if (!rsa_n)
ossl_raise(eRSAError, "incomplete RSA");
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, RSA_size(rsa));
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), rsa, pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 611
static VALUE
ossl_rsa_to_public_key(VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
VALUE obj;
GetPKeyRSA(self, pkey);
/* err check performed by rsa_instance */
rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
obj = rsa_instance(rb_obj_class(self), rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
#set_crt_params(dmp1, dmq1, iqmp) ⇒ self
Sets dmp1
, dmq1
, iqmp
for the RSA instance. They are calculated by d mod (p - 1)
, d mod (q - 1)
and q^(-1) mod p
respectively.
#set_factors(p, q) ⇒ self
Sets p
, q
for the RSA instance.
#set_key(n, e, d) ⇒ self
Sets n
, e
, d
for the RSA instance.
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 382
static VALUE
ossl_rsa_to_der(VALUE self)
{
RSA *rsa;
int (*i2d_func)(const RSA *, unsigned char **);
unsigned char *p;
long len;
VALUE str;
GetRSA(self, rsa);
if (RSA_HAS_PRIVATE(rsa))
i2d_func = i2d_RSAPrivateKey;
else
i2d_func = (int (*)(const RSA *, unsigned char **))i2d_RSA_PUBKEY;
if((len = i2d_func(rsa, NULL)) <= 0)
ossl_raise(eRSAError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if(i2d_func(rsa, &p) < 0)
ossl_raise(eRSAError, NULL);
ossl_str_adjust(str, p);
return str;
}
|
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Dumps all parameters of a keypair to a String
Don’t use :-)) (It’s up to you)
585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 |
# File 'ext/openssl/ossl_pkey_rsa.c', line 585
static VALUE
ossl_rsa_to_text(VALUE self)
{
RSA *rsa;
BIO *out;
VALUE str;
GetRSA(self, rsa);
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
str = ossl_membio2str(out);
return str;
}
|