Net::SSH update

Jamis Buck

Well, the thunderous silence that followed my query prompted me to
continue with my self-assigned task to implement Net::SSH in solitude.

However, I'm rapidly learning *why* Net::SSH has never, to date, been
implemented in Ruby--the OpenSSL module for Ruby leaves out some very
key features (no pun intended), namely:

1) It is frankly impossible to create an empty DH key with the Ruby
OpenSSL interface, and

2) There is no hook into the RSA_verify method.

Those are the two stumpers I've run into so far, and I have no doubt
I'll run into more.

So, given this situation, which is the recommended course of action?

1) Add the missing features to Ruby/OpenSSL and then submit patches,
hoping they'll get integrated into the main distro, or

2) Create my own binary module that provides the necessary features
of OpenSSL, and distribute it as part of Net::SSH.

Any opinions?

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

ruby -h | ruby -e
'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a <<
r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
 
Aredridel

1) Add the missing features to Ruby/OpenSSL and then submit patches,
hoping they'll get integrated into the main distro, or

This option. Definitely. Why reinvent the wheel?
 
Jamis Buck

gabriele said:

Um... maybe I'm just looking at it wrong, but it doesn't look like that
thread has anything to do with openssl or RSA... Could you double check
it, and if it is correct, help me understand how it applies?
It seems there is someone working on RSA stuff at least, that may be of
help to you. Sorry for ignoring the other message, my memory is bad :/

No worries. :) The list has been pretty busy lately--I just figured my
lone message got out-shouted by the really busy threads.

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

ruby -h | ruby -e
'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a <<
r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
 
GOTOU Yuuzou

Hi,
I'm a maintainer of the OpenSSL module.

In message said:
Well, the thunderous silence that followed my query prompted me to
continue with my self-assigned task to implement Net::SSH in solitude.

However, I'm rapidly learning *why* Net::SSH has never, to date, been
implemented in Ruby--the OpenSSL module for Ruby leaves out some very
key features (no pun intended), namely:

1) It is frankly impossible to create an empty DH key with the Ruby
OpenSSL interface, and

2) There is no hook into the RSA_verify method.

Is OpenSSL::PKey::RSA#verify not enough?

require "openssl"
# Generate a throwaway key, sign this file's contents, then verify the signature.
rsa = OpenSSL::PKey::RSA.new(512)
data = File.read(__FILE__)
signature = rsa.sign(OpenSSL::Digest::SHA1.new, data)
p rsa.verify(OpenSSL::Digest::SHA1.new, signature, data)

1) Add the missing features to Ruby/OpenSSL and then submit patches,
hoping they'll get integrated into the main distro, or

I hope this. I would be glad if you can help to improve our code.

regards,
 
Jamis Buck

GOTOU said:
Is OpenSSL::PKey::RSA#verify not enough?

require "openssl"
# Generate a throwaway key, sign this file's contents, then verify the signature.
rsa = OpenSSL::PKey::RSA.new(512)
data = File.read(__FILE__)
signature = rsa.sign(OpenSSL::Digest::SHA1.new, data)
p rsa.verify(OpenSSL::Digest::SHA1.new, signature, data)

I actually discovered this shortly after my original post. I missed it
because I was grepping the sources for "RSA_verify", but
OpenSSL::PKey.verify uses the EVP_Verify... family of functions, instead.

It should do nicely. Thanks. :)

I've already patched OpenSSL::PKey::DH and OpenSSL::PKey::RSA to allow
creation of empty keys, and I added some new accessors to
OpenSSL::PKey::DH. The modifications seem to be working so far.

What is the best way to submit these changes? And against which version
of the sources should I be working?

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

ruby -h | ruby -e
'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a <<
r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
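
An added example, not code from the thread or from Net::SSH: an SSH client needs a key object it can populate because the server's RSA host key arrives as raw components (e, n) inside an `ssh-rsa` blob. The code below parses such a blob, builds a public-only key from a PKCS#1 DER encoding of those components, and checks a signature with `OpenSSL::PKey::RSA#verify`; the helper names, the SHA-256 digest and the sample data are assumptions made for the illustration.

```ruby
require "openssl"

# Encode a positive OpenSSL::BN as an SSH mpint: uint32 length, big-endian
# bytes, with a leading zero byte when the top bit is set.
def ssh_mpint(bn)
  bytes = bn.to_s(2)
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  [bytes.bytesize].pack("N") + bytes
end

# Read one length-prefixed SSH field; returns [bytes, next_offset].
def read_field(blob, offset)
  raise ArgumentError, "truncated length" if offset + 4 > blob.bytesize
  len = blob.byteslice(offset, 4).unpack1("N")
  raise ArgumentError, "truncated field" if offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Build a verify-only RSA key from an "ssh-rsa" blob (type, e, n).
def rsa_from_ssh_blob(blob)
  type, off = read_field(blob, 0)
  raise ArgumentError, "not an ssh-rsa key" unless type == "ssh-rsa"
  e_raw, off = read_field(blob, off)
  n_raw, off = read_field(blob, off)
  raise ArgumentError, "trailing bytes" unless off == blob.bytesize
  e = OpenSSL::BN.new(e_raw, 2)
  n = OpenSSL::BN.new(n_raw, 2)
  # PKCS#1 RSAPublicKey ::= SEQUENCE { modulus n, publicExponent e }
  der = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(n),
                                 OpenSSL::ASN1::Integer(e)]).to_der
  OpenSSL::PKey::RSA.new(der)
end

# Constructed sample: a throwaway key stands in for a server host key.
def demo
  host_key = OpenSSL::PKey::RSA.new(2048)
  blob = [7].pack("N") + "ssh-rsa" + ssh_mpint(host_key.e) + ssh_mpint(host_key.n)
  data = "constructed exchange hash".b
  sig = host_key.sign(OpenSSL::Digest.new("SHA256"), data)
  pub = rsa_from_ssh_blob(blob)
  { private: pub.private?,
    good: pub.verify(OpenSSL::Digest.new("SHA256"), sig, data),
    tampered: pub.verify(OpenSSL::Digest.new("SHA256"), sig, data + "x") }
end

p demo if $PROGRAM_NAME == __FILE__
```

The parser rejects truncated fields and trailing bytes before any key object is built, so a malformed blob never reaches the verification step.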
 
GOTOU Yuuzou

In message said:
I've already patched OpenSSL::PKey::DH and OpenSSL::PKey::RSA to allow
creation of empty keys, and I added some new accessors to
OpenSSL::PKey::DH. The modifications seem to be working so far.

What is the best way to submit these changes? And against which version
of the sources should I be working?

Please post it to this mailing list. I'll examine it for
Ruby 1.9. If the patch simply adds features and is stable,
it will be integrated into the ruby_1_8 branch.

I'm making unit tests for the OpenSSL module now; however, I
haven't touched PKeys yet. Could you add test code even for
the new features?

regards,
 
