Fix to allow decrypting eyaml (PKCS7) when using JRuby. #62
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here is a fix for Issue #61. I have tested it under JRuby 1.7.4.
Both the
subject
andissuer
need to be set on the X509 Cert that is created for decrypting of eyaml keys to work under JRuby.I have just used an arbitrary DN for the X509 Name ("/DC=org/DC=example/CN=eyaml"). You can change this to something else if you think it is important.
A simple way to reproduce the bug is to install MRI Ruby 1.9.3 using rbenv (or RVM) and also JRuby 1.7.4 (or later). Then encrypt some text in an .eyaml file with the PKCS7 key. When you try to decrypt the values using the
eyaml
orhiera
command under JRuby you will see an error.Install this patch and try again. Decrypting will succeed under JRuby. Note: You will need to create new PKCS7 keys (so that the cert contains the
issuer
andsubject
) and re-encrypt the eyaml values again.