Opening an RSA private key from Ruby

Posted 2024-07-07 16:38:45 · 830 words · 8 views · 0 comments

I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?

I know I can do this:

OpenSSL::PKey::RSA.new(File.read('private_key'))

But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?

And how can I create one compatible with the ones generated by ssh-keygen?

I do something like this to create private encrypted keys:

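require 'openssl'
require 'digest'

pass = '123456'
key = OpenSSL::PKey::RSA.new(1024)
key = "0000000000000000#{key.to_der}"
c = OpenSSL::Cipher.new('aes-256-cbc')  # replaces the deprecated OpenSSL::Cipher::Cipher
c.encrypt
# Key bytes come from the SHA-1 hex digest of the passphrase, zero-padded to 32 bytes
c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
iv = c.random_iv  # iv is not defined in the snippet as posted; a random IV is assumed here
c.iv = iv
encrypted_key = c.update(key)
encrypted_key << c.final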

Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption) don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to log in).

Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?

I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?

Comments (2)

蒗幽 2024-07-14 16:38:45

According to the blog post here:

http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

You can simply do:

OpenSSL::PKey::RSA.new(File.read('private_key'), 'passphrase')

Best of luck.

野侃 2024-07-14 16:38:45

I've made some progress on this. If I use the Net::SSH library, I can do this:

Net::SSH::KeyFactory.load_private_key 'keyfile', 'passphrase'

By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've made so many tests that somehow I didn't test this correctly before.

But I still have the issue of creating an SSH compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part
