Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PEM Format headers differ in MRI and JRuby #17

Closed
toshe opened this issue Dec 11, 2014 · 4 comments
Closed

PEM Format headers differ in MRI and JRuby #17

toshe opened this issue Dec 11, 2014 · 4 comments

Comments

@toshe
Copy link

toshe commented Dec 11, 2014
edited by headius
Loading

I don't know if this is the place to submit this issue but there seems to be a pretty big incompatability between the JRuby and MRI Implementation of OpenSSL regarding RSA keys.

Basically if you generate and export an RSA key pair in JRuby you end up with keys looking like this:

-----BEGIN RSA PUBLIC KEY----- ...somekey... -----END RSA PUBLIC KEY-----

Those keys however are considered invalid when trying to read them under MRI - openssl then throws an Neither PUB key nor PRIV key:: nested asn1 error

Now the keys generated under MRI have different headers:

-----BEGIN PUBLIC KEY----- ...somekey... -----END PUBLIC KEY-----

Once you take the JRuby keys and remove RSA from the header and footer the key gets accepted just fine under MRI.
Here's the code that I use to generate the key pair. The same code results in different output under MRI and JRuby - different headers.

    require 'openssl'
    key = OpenSSL::PKey::RSA.new(2048)

    cipher = OpenSSL::Cipher.new 'AES-128-CBC'
    pass_phrase = 'some_pass_phrase'

    key_secure = key.export cipher, pass_phrase

    open public_key_path, 'w' do |io| io.write key.public_key.to_pem end

    open private_key_path, 'w' do |io| io.write key_secure end

The JRuby generated key is of course read without problems under JRuby. However trying to read that same public key generated with JRuby under MRI results in error.

PUBLIC_KEY = OpenSSL::PKey::RSA.new File.read(public_key_path)

The described behaviour is observed in JRuby 1.7.17 and MRI 2.1.3.

Basically JRuby generates PKCS#1 RSAPublicKey (PEM header: BEGIN RSA PUBLIC KEY) and MRI generates X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY).
Shouldn't the behaviour be consistent under all platforms?
@toshe
Copy link
Author

toshe commented May 4, 2015

Hey guys, can somebody confirm this behaviour? Is there a way to force OpenSSL to generate X.509 SubjectPublicKeyInfo keys?

@Oscil8
Copy link

Oscil8 commented Jun 16, 2015

The fact that only the header is different suggests that the body is not actually correct -- the header is consistent with PKCS#1 RSAPublicKey, but the body is consistent with X.509 SubjectPublicKeyInfo (which adds a prefix to the PKCS#1 body describing the content). Newer versions of OpenSSL actually support both formats but neither option is consistent with the serialization generated by JRuby.

@MSNexploder
Copy link
Contributor

Just tested this with JRuby 9.1.12.0 and MRI 2.3.3.
Both generate identical key headers and can read them without errors.

@Oscil8
Copy link

Oscil8 commented Jun 25, 2017

Looks like this was fixed in #76

@kares kares closed this as completed Jun 26, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kares @MSNexploder @Oscil8 @toshe