OpenSSL and Key Passphrases

J

Jamis Buck

OpenSSL question:

I know you can create new keys easily using Ruby's OpenSSL module:

require 'openssl'

key = OpenSSL::pKey::DSA.new( 1024 )

However, is there a way to generate a new key that is protected by a
passphrase? I've picked through the ossl source code and don't see an
obvious answer to this question, so I figure it's either not possible,
or the procedure for doing it is non-obvious.

Thanks for any advice!

- Jamis

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
J

Jamis Buck

Jamis said:
OpenSSL question:

I know you can create new keys easily using Ruby's OpenSSL module:

require 'openssl'

key = OpenSSL::pKey::DSA.new( 1024 )

However, is there a way to generate a new key that is protected by a
passphrase? I've picked through the ossl source code and don't see an
obvious answer to this question, so I figure it's either not possible,
or the procedure for doing it is non-obvious.

Thanks for any advice!

- Jamis
Click to expand...

Duh. It always happens that way. I get desperate, ask the question, and
then discover the answer:

require 'openssl'

key = OpenSSL::pKey::DSA.new( 1024 )
puts key.export( OpenSSL::Cipher::DES.new, "howdy howdy" )

*sigh* Sorry for the noise.

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
E

Eric Hodel

--Rn7IEEq3VEzCw+ji
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=20
Duh. It always happens that way. I get desperate, ask the question, and= =20
then discover the answer:
=20
require 'openssl'
=20
key =3D OpenSSL::pKey::DSA.new( 1024 )
puts key.export( OpenSSL::Cipher::DES.new, "howdy howdy" )
=20
*sigh* Sorry for the noise.
Click to expand...

I've written an SSL certificate generator tool called QuickCert that
handles a surprising amount of SSL-foo. (More than even I know it does,
probably, since its a compilation of support scripts I found lying
about.) I wrote it to help with DRb over SSL, but it is equally
suitable for use anywhere an SSL certificate or key is needed. You can
download it from:

http://segment7.net/projects/ruby/QuickCert/

--=20
Eric Hodel - (e-mail address removed) - http://segment7.net
All messages signed with fingerprint:
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04


--Rn7IEEq3VEzCw+ji
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQFBCILhMypVHHlsnwQRAkgPAKCRQXnqNpDQHxefnLoFscet89I3hgCglXYP
E2p6Cld4ODta5hH7yCqAUbk=
=9Fea
-----END PGP SIGNATURE-----

--Rn7IEEq3VEzCw+ji--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

openssl. question about ec 0
keys and openssl 0
rsa sign and verify with openssl on windows 7
Net::SSH and older OpenSSL modules 0
OpenSSL: patch 23
openssl help 0
openssl ciphers 6
Another Ruby/OpenSSL Patch 2

Members online

No members online now.
Total: 36 (members: 1, guests: 35)
Robots: 444

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top