Reputation: 1786
How do I make Ruby read .cer public ssl key?
I am working on a RoR website that requires an e-payment module. The e-payment implementation requires that the xml data is encoded using a public ssl key provided by them.
What I tried to do in Ruby:
public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file))
If I just try to open the file separately it works fine. But the RSA.new() method returns the following error:
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:: nested asn1 error
from (irb):5:in `initialize'
from (irb):5:in `new'
from (irb):5
From what I've seen in the online documentation a .pem file is used but my public key is something like public.cer. Could that be the problem ? The key itself seems to be OK for in the PHP example provided by the e-payment company the same public.cer file works fine.
What am I doing wrong?
Thanks,
Upvotes: 2
Views: 8520
Answers (4)
Reputation: 10922
Try replacing File.read with File.binread.
Depending on your platform (Windows is most susceptible) File.read may not return what you expect. Using File.binread will make sure you get the actual binary data of the binary certificate you are reading and want to work with.
Some background on the difference: https://stackoverflow.com/a/30081354/252627
Upvotes: 0
Reputation: 75496
The .cer file is most likely a X.509 certificate encoded in DER. Unfortunately, Ruby doesn't expose the OpenSSL interface to read certificate in DER. So you need to convert the DER to PEM first. This is fairly easy in Ruby,
b64 = Base64.encode64(File::read(cert_file))
pem = "-----BEGIN CERTIFICATE-----\n#{b64}-----END CERTIFICATE-----\n"
cert = OpenSSL::X509::Certificate.new(pem)
public_key = cert.public_key
Upvotes: 9
Reputation: 1996
Just an update - the current openssl gem for ruby 1.9.3 supports reading certificates from file in DER and PEM format.
cert = OpenSSL::X509::Certificate.new('certificate.pem')
cert = OpenSSL::X509::Certificate.new('certificate.cer')
See the documentation at http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html.
Upvotes: 2
Reputation: 2809
You can find information about the different encodings for certificates here: http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/
Try to convert your certificate from der format to pem.
openssl x509 –in input.crt –inform DER –out output.pem
Upvotes: 0
Related Questions
- Why is Ruby unable to verify an SSL certificate?
- Using Ruby OpenSSL to download and read certificates
- Setting up Ruby OpenSSL with a known public key
- Decoding CSR using Ruby OpenSSL with SANs
- ruby open ssl api for encrypted key (without nodes option)
- Implementing HTTPS certificate/pubkey pinning with Ruby
- Ruby Error reading in Certificate File with OpenSSL
- rails encryption/decryption
- How to load openssl via rails console?
- Invalid public keys when using the Ruby OpenSSL library