pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError) #619
Comments
Looks like it's being worked on @ #555. As for now, workarounds can be found here:
In case anyone else is looking, DER formatting for public key and private key is slightly different. Here is the code I use to take raw hex public and private keys and load them into an

```ruby
require 'openssl'

@curve = 'prime256v1'

# Build an ECPrivateKey DER structure from a raw hex private key and load it.
def pkey_from_private_key(private_key)
  public_key = restore_public_key private_key
  group = OpenSSL::PKey::EC::Group.new(@curve)
  private_key_bn = OpenSSL::BN.new(private_key, 16)
  public_key_bn = OpenSSL::BN.new(public_key, 16)
  public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
  asn1 = OpenSSL::ASN1::Sequence(
    [
      OpenSSL::ASN1::Integer.new(1),                        # version
      OpenSSL::ASN1::OctetString(private_key_bn.to_s(2)),   # private scalar
      OpenSSL::ASN1::ObjectId(@curve, 0, :EXPLICIT),        # [0] named curve
      OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed), 1, :EXPLICIT) # [1] public point
    ]
  )
  OpenSSL::PKey::EC.new(asn1.to_der)
end

# Derive the public point (as lowercase hex) from a raw hex private key.
def restore_public_key(private_key)
  private_bn = OpenSSL::BN.new private_key, 16
  group = OpenSSL::PKey::EC::Group.new @curve
  public_bn = group.generator.mul(private_bn).to_bn
  public_bn = OpenSSL::PKey::EC::Point.new(group, public_bn).to_bn
  public_bn.to_s(16).downcase
end

# Build a SubjectPublicKeyInfo DER structure from a raw hex public key and load it.
def pkey_from_public_key(public_key)
  group = OpenSSL::PKey::EC::Group.new(@curve)
  public_key_bn = OpenSSL::BN.new(public_key, 16)
  public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
  asn1 = OpenSSL::ASN1::Sequence.new(
    [
      OpenSSL::ASN1::Sequence.new([
        OpenSSL::ASN1::ObjectId.new('id-ecPublicKey'),
        OpenSSL::ASN1::ObjectId.new(group.curve_name)
      ]),
      OpenSSL::ASN1::BitString.new(public_key_point.to_octet_string(:uncompressed))
    ]
  )
  OpenSSL::PKey::EC.new(asn1.to_der)
end

pkey_private_key = pkey_from_private_key('eeef3fba531e545464e63a45612f15de207eb676c464e5736c76ff5e500384cf')
pkey_public_key = pkey_from_public_key('046c2f610637495461e3a03e76f17860e6a24be250c9992a5406b3c905411b35a70fa907540c35061035be589f97b394fc2c290c2a1a4ccacedfd3d935a9584594')
```

Hope others find this useful.
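An added example, not part of the comment above or of the ruby/openssl project: the same DER-based loading with the input checks a raw-key importer would want (hex only, scalar in range, fixed-width private octets, point on the curve), plus a sign/verify round trip that confirms the two rebuilt keys belong together. The names `hex_bn`, `ec_private_from_hex`, `ec_public_from_hex` and `round_trip?` are hypothetical.

```ruby
require 'openssl'

CURVE = 'prime256v1' # same curve as the comment above

# Parse hex into a BN, rejecting anything that is not plain hex digits.
def hex_bn(hex)
  raise ArgumentError, 'expected hex digits' unless hex.is_a?(String) && hex.match?(/\A\h+\z/)
  OpenSSL::BN.new(hex, 16)
end

# Raw hex scalar -> EC private key, via an ECPrivateKey DER structure.
def ec_private_from_hex(hex, curve = CURVE)
  group = OpenSSL::PKey::EC::Group.new(curve)
  d = hex_bn(hex)
  # The scalar must lie in [1, n-1]; building the BN does not check this.
  raise ArgumentError, 'scalar out of range' if d.zero? || d.cmp(group.order) >= 0
  # Left-pad to the field size so leading zero bytes are not dropped.
  octets = d.to_s(2).rjust((group.degree + 7) / 8, "\x00")
  point = group.generator.mul(d)
  OpenSSL::PKey::EC.new(OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Integer(1),
    OpenSSL::ASN1::OctetString(octets),
    OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
    OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
  ]).to_der)
end

# Raw hex point -> EC public key, via a SubjectPublicKeyInfo DER structure.
def ec_public_from_hex(hex, curve = CURVE)
  group = OpenSSL::PKey::EC::Group.new(curve)
  point = OpenSSL::PKey::EC::Point.new(group, hex_bn(hex))
  raise ArgumentError, 'point not on curve' if point.infinity? || !point.on_curve?
  OpenSSL::PKey::EC.new(OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'),
                             OpenSSL::ASN1::ObjectId(curve)]),
    OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
  ]).to_der)
rescue OpenSSL::PKey::EC::Point::Error
  raise ArgumentError, 'not a valid point encoding for this curve'
end

# Sign with the rebuilt private key, verify with the rebuilt public key.
def round_trip?(priv_hex, pub_hex, msg = 'constructed test message')
  priv, pub = ec_private_from_hex(priv_hex), ec_public_from_hex(pub_hex)
  return false unless priv.public_key.to_bn == pub.public_key.to_bn # mismatched pair
  digest = OpenSSL::Digest.new('SHA256')
  pub.verify(digest, priv.sign(digest, msg), msg)
end
```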
kubicek added a commit to kubicek/dnsruby that referenced this issue Mar 9, 2024
Hi, how do I use the existing private key and public key to encrypt the message? The keys are immutable now.
Environment:
Sample Code:
Error: