creating certificates and public and private keys

Discussion in 'Ruby' started by Adam Akhtar, Nov 26, 2009.

  1. Adam Akhtar

    Adam Akhtar Guest

    Hi im going to have to create a lot of public and private keys for
    clients and would like to automate the process by using a script (in
    ruby of course).

    This is for an openvpn setup and currently ive been MANUALY creating
    keys with the easy-rsa bat file that comes with it but id like to
    automate it.

    Is there a ruby libary available that would allow me to create public
    and private keys if i already have a CA. Would openvpn recognize these
    keys (are keys, keys no matter what language they are created in??? im
    not hot on cryptology)

    The other option would be to just execute the bat file from my ruby
    script and simulate the keyboard to respond to the various prompts. I
    havent doent this before so im not sure if this is easier or harder than
    above. Any tips or pointers will really help!
    --
    Posted via http://www.ruby-forum.com/.
     
    Adam Akhtar, Nov 26, 2009
    #1
    1. Advertising

  2. Adam Akhtar

    Dave English Guest

    In message <>, Adam
    Akhtar <> writes
    >Hi im going to have to create a lot of public and private keys for
    >clients and would like to automate the process by using a script (in
    >ruby of course).
    >
    >This is for an openvpn setup and currently ive been MANUALY creating
    >keys with the easy-rsa bat file that comes with it but id like to
    >automate it.
    >
    >Is there a ruby libary available that would allow me to create public
    >and private keys if i already have a CA. Would openvpn recognize these
    >keys (are keys, keys no matter what language they are created in??? im
    >not hot on cryptology)
    >
    >The other option would be to just execute the bat file from my ruby
    >script and simulate the keyboard to respond to the various prompts. I
    >havent doent this before so im not sure if this is easier or harder than
    >above. Any tips or pointers will really help!


    I haven't done this myself.

    But the common Swiss army knife for this is OpenSSL.

    Ruby provides Ruby::OpenSSL. Apparently that library isn't the easiest
    to use, but http://rubyforge.org/projects/sslplaypen/ has examples which
    may help.

    The alternative is to use drive the openssl command line, that may be
    easier as there are plenty of examples for generating keys using
    OpenSSL. The nascent http://rubyforge.org/projects/simplessl/ used the
    openssl command line & might be a good starting point.

    Other here may well know better, of course
    --
    Dave English -
     
    Dave English, Nov 27, 2009
    #2
    1. Advertising

  3. On 27 Nov 2009, at 11:01, Dave English wrote:
    > In message <>, Adam =

    Akhtar <> writes
    >> Hi im going to have to create a lot of public and private keys for
    >> clients and would like to automate the process by using a script (in
    >> ruby of course).
    >>=20
    >> This is for an openvpn setup and currently ive been MANUALY creating
    >> keys with the easy-rsa bat file that comes with it but id like to
    >> automate it.
    >>=20
    >> Is there a ruby libary available that would allow me to create public
    >> and private keys if i already have a CA. Would openvpn recognize =

    these
    >> keys (are keys, keys no matter what language they are created in??? =

    im
    >> not hot on cryptology)
    >>=20
    >> The other option would be to just execute the bat file from my ruby
    >> script and simulate the keyboard to respond to the various prompts. I
    >> havent doent this before so im not sure if this is easier or harder =

    than
    >> above. Any tips or pointers will really help!

    >=20
    > I haven't done this myself.
    >=20
    > But the common Swiss army knife for this is OpenSSL.
    >=20
    > Ruby provides Ruby::OpenSSL. Apparently that library isn't the =

    easiest to use, but http://rubyforge.org/projects/sslplaypen/ has =
    examples which may help.
    >=20
    > The alternative is to use drive the openssl command line, that may be =

    easier as there are plenty of examples for generating keys using =
    OpenSSL. The nascent http://rubyforge.org/projects/simplessl/ used the =
    openssl command line & might be a good starting point.
    >=20
    > Other here may well know better, of course



    Ruby::OpenSSL is not the friendliest of libraries due to a lack of =
    detailed documentation but you can find some coverage by Romek (the =
    author of SSL PlayPen) and myself in the "Semantic DNS" presentation =
    available at the link in my signature. That's mostly to do with ad hoc =
    key generation in a hybrid crypto system but there may be something =
    there that could be useful for a CA scenario.


    Ellie

    Eleanor McHugh
    Games With Brains
    http://slides.games-with-brains.net
    ----
    raise ArgumentError unless @reality.responds_to? :reason
     
    Eleanor McHugh, Nov 27, 2009
    #3
  4. Adam Akhtar

    Dave English Guest

    In message <>,
    Eleanor McHugh <> writes
    >On 27 Nov 2009, at 11:01, Dave English wrote:
    >> In message <>, Adam
    >>Akhtar <> writes
    >>> Hi im going to have to create a lot of public and private keys for
    >>> clients and would like to automate the process by using a script (in
    >>> ruby of course).


    >> I haven't done this myself.
    >>
    >> But the common Swiss army knife for this is OpenSSL.
    >>
    >> Ruby provides Ruby::OpenSSL. Apparently that library isn't the
    >>easiest to use, but http://rubyforge.org/projects/sslplaypen/ has
    >>examples which may help.


    >> Other here may well know better, of course

    >
    >
    >Ruby::OpenSSL is not the friendliest of libraries due to a lack of
    >detailed documentation but you can find some coverage by Romek (the
    >author of SSL PlayPen) and myself in the "Semantic DNS" presentation
    >available at the link in my signature. That's mostly to do with ad hoc
    >key generation in a hybrid crypto system but there may be something
    >there that could be useful for a CA scenario.


    Ah, what a small world.

    I enjoyed your flashtalk at the BCS earlier this year on Ruby & Unix
    file handles. I guess it was a part of your current "The Ruby Guide to
    *nix Plumbing", I'll have to have a look at the rest of your slides.

    For myself I will have a look through the earlier Semantic web ones too.

    Regards
    --
    Dave English -
     
    Dave English, Nov 27, 2009
    #4
  5. Adam Akhtar

    yermej Guest

    On Nov 27, 5:01 am, Dave English <> wrote:

    > But the common Swiss army knife for this is OpenSSL.
    >
    > Ruby provides Ruby::OpenSSL.  Apparently that library isn't the easiest
    > to use, buthttp://rubyforge.org/projects/sslplaypen/has examples which
    > may help.


    There are also some example uses of Ruby's OpenSSL library in the Ruby
    source tarball:
    http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/sample/openssl/
     
    yermej, Nov 27, 2009
    #5
  6. On 27 Nov 2009, at 13:12, Dave English wrote:
    > In message =

    <>, Eleanor =
    McHugh <> writes
    >> Ruby::OpenSSL is not the friendliest of libraries due to a lack of =

    detailed documentation but you can find some coverage by Romek (the =
    author of SSL PlayPen) and myself in the "Semantic DNS" presentation =
    available at the link in my signature. That's mostly to do with ad hoc =
    key generation in a hybrid crypto system but there may be something =
    there that could be useful for a CA scenario.
    >=20
    > Ah, what a small world.
    >=20
    > I enjoyed your flashtalk at the BCS earlier this year on Ruby & Unix =

    file handles. I guess it was a part of your current "The Ruby Guide to =
    *nix Plumbing", I'll have to have a look at the rest of your slides.

    It was the five-minute distillation of the usual 45-minute talk. =
    Apparently standing on stage and saying "malloc" a lot is the bit people =
    like most. DL::malloc still makes me smile whenever I use it lol

    London could do with a few more multi-language meetups like that.

    > For myself I will have a look through the earlier Semantic web ones =

    too.

    Just to reiterate so there's no confusion, it's a Semantic DNS =
    presentation: i.e. it discusses some of the basics of how to use the DNS =
    tree as an application platform backed by coverage of crypto and network =
    programming in Ruby. There's some blue sky research it's based on that =
    we keep meaning to write up properly but Romek and I are lousy at that =
    sort of thing :)


    Ellie

    Eleanor McHugh
    Games With Brains
    http://slides.games-with-brains.net
    http://www.linkedin.com/in/eleanormchugh
     
    Eleanor McHugh, Nov 28, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Charles A. Lackman
    Replies:
    1
    Views:
    1,422
    smith
    Dec 8, 2004
  2. SpamProof
    Replies:
    0
    Views:
    618
    SpamProof
    Oct 21, 2003
  3. DaveLessnau
    Replies:
    3
    Views:
    443
    Howard
    May 16, 2005
  4. Ivan Zuzak

    Export and Import certificates with private keys

    Ivan Zuzak, Feb 11, 2005, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    205
    Ivan Zuzak
    Feb 11, 2005
  5. n33470

    Are SSL certificates and x.509 certificates the same?

    n33470, Dec 14, 2005, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    197
    n33470
    Dec 14, 2005
Loading...

Share This Page