Opening an RSA private key from Ruby
I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?
I know I can do this:
OpenSSL::PKey::RSA.new(File.read('private_key'))
But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?
And, how can I create one compatible with the ones generated by ssh-keygen?
I do something like this to create private encrypted keys:
pass = '123456'
key = OpenSSL::PKey::RSA.new(1024)
key = "0000000000000000#{key.to_der}"
c = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
c.encrypt
c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
c.iv = iv
encrypted_key = c.update(key)
encrypted_key << c.final
Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption) don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to log in).
Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?
I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?
Comments (2)
According to the blog post here:
http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/
You can simply do:
OpenSSL::PKey::RSA.new(File.read('private_key'), 'passphrase')
Best of luck.
I've made some progress on this. If I use the Net::SSH library, I can do this:
By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've made so many tests that somehow I didn't test this correctly before.
But I still have the issue of creating an SSH-compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part