Class: OpenSSL::PKey::RSA
Overview
RSA is an asymmetric public key algorithm that has been formalized in RFC 3447. It is in widespread use in public key infrastuctures (PKI) where certificates (cf. OpenSSL::X509::Certificate) often are issued on the basis of a public/private RSA key pair. RSA is used in a wide field of applications such as secure (symmetric) key exchange, e.g. when establishing a secure TLS/SSL connection. It is also used in various digital signature schemes.
Class Method Summary collapse
-
.generate(*args) ⇒ Object
Generates an RSA keypair.
Instance Method Summary collapse
-
#export(*args) ⇒ Object
(also: #to_pem, #to_s)
Outputs this keypair in PEM encoding.
-
#initialize(*args) ⇒ Object
constructor
Generates or loads an RSA keypair.
-
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
-
#private? ⇒ Boolean
Does this keypair contain a private key?.
-
#private_decrypt(*args) ⇒ Object
Decrypt
string
, which has been encrypted with the public key, with the private key. -
#private_encrypt(*args) ⇒ Object
Encrypt
string
with the private key. -
#public? ⇒ true
The return value is always true since every private key is also a public key.
-
#public_decrypt(*args) ⇒ Object
Decrypt
string
, which has been encrypted with the private key, with the public key. -
#public_encrypt(*args) ⇒ Object
Encrypt
string
with the public key. -
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
-
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
-
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!.
Methods inherited from PKey
Constructor Details
#new(key_size) ⇒ Object #new(encoded_key) ⇒ Object #new(encoded_key, pass_phrase) ⇒ Object
Generates or loads an RSA keypair. If an integer key_size
is given it represents the desired key size. Keys less than 1024 bits should be considered insecure.
A key can instead be loaded from an encoded_key
which must be PEM or DER encoded. A pass_phrase
can be used to decrypt the key. If none is given OpenSSL will prompt for the pass phrase.
Examples
OpenSSL::PKey::RSA.new 2048
OpenSSL::PKey::RSA.new File.read 'rsa.pem'
OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my pass phrase'
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
# File 'ossl_pkey_rsa.c', line 202
static VALUE
ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
BIO *in;
char *passwd = NULL;
VALUE arg, pass;
GetPKey(self, pkey);
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
rsa = RSA_new();
}
else if (FIXNUM_P(arg)) {
rsa = rsa_generate(FIX2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass));
if (!rsa) ossl_raise(eRSAError, NULL);
}
else {
if (!NIL_P(pass)) passwd = StringValuePtr(pass);
arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(arg);
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPrivateKey_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSA_PUBKEY_bio(in, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
}
if (!rsa) {
OSSL_BIO_reset(in);
rsa = d2i_RSAPublicKey_bio(in, NULL);
}
BIO_free(in);
if (!rsa) {
ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
}
}
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return self;
}
|
Class Method Details
.generate(size) ⇒ Object .generate(size, exponent) ⇒ Object
Generates an RSA keypair. size
is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. exponent
is an odd number normally 3, 17, or 65537.
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'ossl_pkey_rsa.c', line 161
static VALUE
ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass)
{
/* why does this method exist? why can't initialize take an optional exponent? */
RSA *rsa;
VALUE size, exp;
VALUE obj;
rb_scan_args(argc, argv, "11", &size, &exp);
rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */
obj = rsa_instance(klass, rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
Instance Method Details
#export([cipher, pass_phrase]) ⇒ PEM-format String #to_pem([cipher, pass_phrase]) ⇒ PEM-format String #to_s([cipher, pass_phrase]) ⇒ PEM-format String Also known as: to_pem, to_s
Outputs this keypair in PEM encoding. If cipher
and pass_phrase
are given they will be used to encrypt the key. cipher
must be an OpenSSL::Cipher::Cipher instance.
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 |
# File 'ossl_pkey_rsa.c', line 302
static VALUE
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
BIO *out;
const EVP_CIPHER *ciph = NULL;
char *passwd = NULL;
VALUE cipher, pass, str;
GetPKeyRSA(self, pkey);
rb_scan_args(argc, argv, "02", &cipher, &pass);
if (!NIL_P(cipher)) {
ciph = GetCipherPtr(cipher);
if (!NIL_P(pass)) {
StringValue(pass);
if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
passwd = RSTRING_PTR(pass);
}
}
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
if (RSA_HAS_PRIVATE(pkey->pkey.rsa)) {
if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph,
NULL, 0, ossl_pem_passwd_cb, passwd)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
} else {
if (!PEM_write_bio_RSA_PUBKEY(out, pkey->pkey.rsa)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
}
str = ossl_membio2str(out);
return str;
}
|
#params ⇒ Hash
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Stores all parameters of key to the hash. The hash has keys ‘n’, ‘e’, ‘d’, ‘p’, ‘q’, ‘dmp1’, ‘dmq1’, ‘iqmp’.
Don’t use :-)) (It’s up to you)
510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 |
# File 'ossl_pkey_rsa.c', line 510
static VALUE
ossl_rsa_get_params(VALUE self)
{
EVP_PKEY *pkey;
VALUE hash;
GetPKeyRSA(self, pkey);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(pkey->pkey.rsa->n));
rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(pkey->pkey.rsa->e));
rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(pkey->pkey.rsa->d));
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.rsa->p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.rsa->q));
rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(pkey->pkey.rsa->dmp1));
rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(pkey->pkey.rsa->dmq1));
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp));
return hash;
}
|
#private? ⇒ Boolean
Does this keypair contain a private key?
282 283 284 285 286 287 288 289 290 |
# File 'ossl_pkey_rsa.c', line 282
static VALUE
ossl_rsa_is_private(VALUE self)
{
EVP_PKEY *pkey;
GetPKeyRSA(self, pkey);
return (RSA_PRIVATE(self, pkey->pkey.rsa)) ? Qtrue : Qfalse;
}
|
#private_decrypt(string) ⇒ String #private_decrypt(string, padding) ⇒ String
Decrypt string
, which has been encrypted with the public key, with the private key. padding
defaults to PKCS1_PADDING.
475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 |
# File 'ossl_pkey_rsa.c', line 475
static VALUE
ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
int buf_len, pad;
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
if (!RSA_PRIVATE(self, pkey->pkey.rsa)) {
ossl_raise(eRSAError, "private key needed.");
}
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#private_encrypt(string) ⇒ String #private_encrypt(string, padding) ⇒ String
Encrypt string
with the private key. padding
defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #public_decrypt.
443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 |
# File 'ossl_pkey_rsa.c', line 443
static VALUE
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
int buf_len, pad;
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
if (!RSA_PRIVATE(self, pkey->pkey.rsa)) {
ossl_raise(eRSAError, "private key needed.");
}
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public? ⇒ true
The return value is always true since every private key is also a public key.
264 265 266 267 268 269 270 271 272 273 274 |
# File 'ossl_pkey_rsa.c', line 264
static VALUE
ossl_rsa_is_public(VALUE self)
{
EVP_PKEY *pkey;
GetPKeyRSA(self, pkey);
/*
* This method should check for n and e. BUG.
*/
return Qtrue;
}
|
#public_decrypt(string) ⇒ String #public_decrypt(string, padding) ⇒ String
Decrypt string
, which has been encrypted with the private key, with the public key. padding
defaults to PKCS1_PADDING.
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 |
# File 'ossl_pkey_rsa.c', line 414
static VALUE
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
int buf_len, pad;
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_encrypt(string) ⇒ String #public_encrypt(string, padding) ⇒ String
Encrypt string
with the public key. padding
defaults to PKCS1_PADDING. The encrypted string output can be decrypted using #private_decrypt.
385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 |
# File 'ossl_pkey_rsa.c', line 385
static VALUE
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
int buf_len, pad;
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
rb_scan_args(argc, argv, "11", &buffer, &padding);
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
(unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
return str;
}
|
#public_key ⇒ Object
Makes new RSA instance containing the public key from the private key.
568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 |
# File 'ossl_pkey_rsa.c', line 568
static VALUE
ossl_rsa_to_public_key(VALUE self)
{
EVP_PKEY *pkey;
RSA *rsa;
VALUE obj;
GetPKeyRSA(self, pkey);
/* err check performed by rsa_instance */
rsa = RSAPublicKey_dup(pkey->pkey.rsa);
obj = rsa_instance(CLASS_OF(self), rsa);
if (obj == Qfalse) {
RSA_free(rsa);
ossl_raise(eRSAError, NULL);
}
return obj;
}
|
#to_der ⇒ DER-format String
Outputs this keypair in DER encoding.
350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 |
# File 'ossl_pkey_rsa.c', line 350
static VALUE
ossl_rsa_to_der(VALUE self)
{
EVP_PKEY *pkey;
int (*i2d_func)_((const RSA*, unsigned char**));
unsigned char *p;
long len;
VALUE str;
GetPKeyRSA(self, pkey);
if(RSA_HAS_PRIVATE(pkey->pkey.rsa))
i2d_func = i2d_RSAPrivateKey;
else
i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY;
if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0)
ossl_raise(eRSAError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if(i2d_func(pkey->pkey.rsa, &p) < 0)
ossl_raise(eRSAError, NULL);
ossl_str_adjust(str, p);
return str;
}
|
#to_text ⇒ String
THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
Dumps all parameters of a keypair to a String
Don’t use :-)) (It’s up to you)
542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 |
# File 'ossl_pkey_rsa.c', line 542
static VALUE
ossl_rsa_to_text(VALUE self)
{
EVP_PKEY *pkey;
BIO *out;
VALUE str;
GetPKeyRSA(self, pkey);
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
if (!RSA_print(out, pkey->pkey.rsa, 0)) { /* offset = 0 */
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
str = ossl_membio2str(out);
return str;
}
|