Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL::PKey::EC#to_pem or .new appears to change EC keys created by CRuby's openssl #257

Open
postmodern opened this issue May 10, 2022 · 1 comment
Open

OpenSSL::PKey::EC#to_pem or .new appears to change EC keys created by CRuby's openssl #257

postmodern opened this issue May 10, 2022 · 1 comment

Comments

@postmodern
Copy link

Steps To Reproduce

CRuby

require 'openssl'
ec = OpenSSL::PKey::EC.generate('prime256v1')
ec.generate_key
pem = ec.to_pem
# => "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFGFA23QpFp3ZgFniwlICLAjIc3Zxrt6Dw5ElfETPkoxoAoGCCqGSM49\nAwEHoUQDQgAEfAWhRpiAKNuIlXG54M/vSWN1kam9/1SKp8yeoHBN0YhpGDrh+JC0\ngwPqy/cOYhzzKUleb4+bjvImBkTB/1jvlQ==\n-----END EC PRIVATE KEY-----\n"

JRuby

require 'openssl'
pem = "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFGFA23QpFp3ZgFniwlICLAjIc3Zxrt6Dw5ElfETPkoxoAoGCCqGSM49\nAwEHoUQDQgAEfAWhRpiAKNuIlXG54M/vSWN1kam9/1SKp8yeoHBN0YhpGDrh+JC0\ngwPqy/cOYhzzKUleb4+bjvImBkTB/1jvlQ==\n-----END EC PRIVATE KEY-----\n"
ec = OpenSSL::PKey::EC.new(pem)
pem2 = ec.to_pem

Expected Result

# => "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFGFA23QpFp3ZgFniwlICLAjIc3Zxrt6Dw5ElfETPkoxoAoGCCqGSM49\nAwEHoUQDQgAEfAWhRpiAKNuIlXG54M/vSWN1kam9/1SKp8yeoHBN0YhpGDrh+JC0\ngwPqy/cOYhzzKUleb4+bjvImBkTB/1jvlQ==\n-----END EC PRIVATE KEY-----\n"

Actual Result

# => "-----BEGIN EC PRIVATE KEY-----\nMCUCAQEEIFGFA23QpFp3ZgFniwlICLAjIc3Zxrt6Dw5ElfETPkox\n-----END EC PRIVATE KEY-----\n"

The PEM exported by jruby-openssl appears to be much shorter than the PEM exported by CRuby's openssl.

Versions

  • jruby 9.3.2.0 (2.6.8) 2021-12-01 0b8223f905 OpenJDK 64-Bit Server VM 11.0.15+10 on 11.0.15+10 +jit [linux-x86_64]
  • jruby-openssl (0.12.2 java, default: 0.11.0 java)
@postmodern postmodern mentioned this issue May 10, 2022
Closed
@silkPK silkPK mentioned this issue Sep 9, 2022
Closed
@mattys101 mattys101 mentioned this issue Dec 15, 2023
Closed
@kares
Copy link
Member

kares commented Apr 11, 2024

not sure about whether the format is expected to be "byte level" same between C-OpenSSL and Java's Bouncy-Castle...
as long as one is able to parse other's PEM encoded format and end up with the same object.

The PEM exported by jruby-openssl appears to be much shorter than the PEM exported by CRuby's openssl.

was due 401749e which explicitly skipped the public part when encoding the private key

@kares kares mentioned this issue Apr 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@postmodern @kares