OpenSSL in Ruby

'Summary - Migrating OpenSSL Keys to keystore' tutorial was cited in an OpenSSL in Ruby source code in 2011.

Subject: OpenSSL in Ruby
Date: Jan 14, 2011
Author: Ian
Source: http://mathish.com/2011/01/14/openssl-in-ruby.html

The following code assumes that there is a subdirectory named certs 
containing known certificates in PEM format, and a subdir keys 
containing the client’s private RSA key. Further, there are lots of 
comments specific to my actual needs, namely exporting keys generated 
in Java using keytool for an Apache ActiveMQ message broker. Lastly, 
to use the ca_path method, the certs directory needs to be properly 
indexed using c_rehash (make sure the underlying version of openssl 
matches the version Ruby’s OpenSSL extension was built against, 
otherwise the hash algorithm may not be the same.)

The code that follows was written for my own benefit in understanding 
the mapping between the OpenSSL C API and the API available in Ruby. The 
actual connection established is specific to my needs, but the OpenSSL
setup should be pretty common. The type of the private key will differ
depending upon the algorithm used during the generation of the 
certificate.

#!/usr/bin/env ruby

require 'socket'
require 'openssl'

SSL_HOST = 'localhost'
SSL_PORT = 61612
SSL_CERT_DIR = File.expand_path('certs', File.dirname(__FILE__))
SSL_BROKER_CERT = File.expand_path('broker.pem', SSL_CERT_DIR)
SSL_CLIENT_CERT = File.expand_path('client.pem', SSL_CERT_DIR)
SSL_CLIENT_KEY = File.expand_path('keys/client.key', File.dirname(__FILE__))

USE_BROKER_CERT_FILE = false
USE_CLIENT_CERT = false
...

# Next, we need to get these keys into OpenSSL acceptable forms
# (see: http://conshell.net/wiki/index.php
# /Keytool_to_OpenSSL_Conversion_tips)
# Convert the broker keytool DER cert into a PEM cert
# > openssl x509 -out broker.pem -outform pem -in broker.der -inform der
# Convert the client keytool DER cert into a PEM cert
# > openssl x509 -out client.pem -outform pem -in client.der -inform der
# As I am using ActiveMQ, there isn't a need to generate anything more 
# on the broker side.  The client just needs the PEM form for SSL trust.
# However, when the broker requires ssl authentication 
# (needClientAuth=true on the transport URI), we will need the client's 
# private key from the keystore as well. Unfortunately, there is no 
# keytool command (as far as I've seen so far) that will export this 
# from a java keystore.  
# 
# So, we make use of the DumpKey program copied from 
# http://www.herongyang.com/crypto
# /Migrating_Keys_keytool_to_OpenSSL.html and found in 
# examples/DumpKey.java to export the private key. Finally, we convert 
# the private key output to a form usable by OpenSSL:
# > openssl enc -in client_bin.key -out client.key -a
# And wrap the output file with "-----BEGIN/END PRIVATE KEY-----" as 
# outlined in http://www.herongyang.com/crypto
# /Migrating_Keys_keytool_to_OpenSSL_4.html
# 
# Quite a bit of work... thanks Java!  Hopefully tests will require less
# work by using only OpenSSH within a stub broker.

tcp_sock = TCPSocket.new(SSL_HOST, SSL_PORT)
ctx = OpenSSL::SSL::SSLContext.new
# Ruby does not continue a statement onto a line that begins with "|",
# so the operator has to end the first line.
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER |
                  OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT

if USE_BROKER_CERT_FILE
  # Specify the cert file directly
  ctx.ca_file = SSL_BROKER_CERT
  ctx.ca_path = nil
else
...
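The post stops at the context setup. The following is an added example (not code from Ian's post or from ActiveMQ) that carries the same SSLContext settings through a full handshake on both sides: a stub "broker" thread and a client, with the CA, broker and client certificates generated in memory as constructed fixtures instead of being read from certs/ and keys/. It goes a little beyond the post's single case and also shows the three outcomes a client should expect to see rejected: no client certificate when the broker demands one (the needClientAuth=true situation), a broker certificate from an untrusted CA, and a hostname that does not match the certificate. The names make_cert, store_for, start_broker, connect_client, run_scenario and demo are this example's own.

```ruby
#!/usr/bin/env ruby
# Added example, not code from Ian's post: a stub "broker" and a client that
# perform a TLS handshake under the same SSLContext settings the post uses.
# The CA, broker and client certificates are generated in memory here
# (constructed fixtures), so nothing is read from certs/ or keys/.
require 'socket'
require 'openssl'

# Build an X.509 v3 certificate signed by issuer ([cert, key]) or, when no
# issuer is given, self-signed with its own key (used for the CA).
def make_cert(subject, key, serial, issuer: nil, ca: false, san: nil)
  issuer_cert, issuer_key = issuer || [nil, key]
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true)) if ca
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san}")) if san
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# In-memory trust store; ctx.ca_file / ctx.ca_path load the same thing from disk.
def store_for(ca_cert)
  OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca_cert) }
end

# One-shot TLS server standing in for the broker. require_client_cert plays the
# role of ActiveMQ's needClientAuth=true: VERIFY_FAIL_IF_NO_PEER_CERT is what
# makes a missing client certificate a handshake failure on the server side.
def start_broker(cert, key, ca_cert, require_client_cert:)
  tcp = TCPServer.new('127.0.0.1', 0)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx.cert_store = store_for(ca_cert)
  ctx.verify_mode = if require_client_cert
                      OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
                    else
                      OpenSSL::SSL::VERIFY_NONE
                    end
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  thread = Thread.new do
    begin
      conn = server.accept
      who = conn.peer_cert ? conn.peer_cert.subject.to_s : 'anonymous'
      conn.puts "hello #{who}"
      conn.close
    rescue OpenSSL::SSL::SSLError, IOError, SystemCallError
      nil # handshake rejected (or client went away); the client sees the alert
    end
  end
  [tcp, thread]
end

# Client side: VERIFY_PEER checks the chain against the trust store, and
# post_connection_check matches the certificate's name against the host we
# meant to reach; without it any certificate from the trusted CA would be accepted.
def connect_client(port, trusted_ca:, hostname: 'localhost', client_cert: nil, client_key: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  ctx.cert_store = store_for(trusted_ca)
  if client_cert
    ctx.cert = client_cert
    ctx.key = client_key
  end
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  ssl.sync_close = true
  ssl.connect
  ssl.post_connection_check(hostname)
  greeting = ssl.gets.to_s.chomp
  ssl.close
  greeting.start_with?('hello') ? greeting : 'rejected: no greeting'
rescue OpenSSL::SSL::SSLError, EOFError, SystemCallError => e
  (ssl.close if ssl) rescue nil
  "rejected: #{e.message}"
end

def run_scenario(broker_cert, broker_key, ca_cert, require_client_cert:, **client_opts)
  tcp, thread = start_broker(broker_cert, broker_key, ca_cert, require_client_cert: require_client_cert)
  result = connect_client(tcp.addr[1], **client_opts)
  thread.join(5)
  tcp.close
  result
end

# Exercise the two happy paths and the three failure modes a client should expect.
def demo
  ca_key, broker_key, client_key, rogue_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  ca_cert     = make_cert('/CN=Test CA', ca_key, 1, ca: true)
  broker_cert = make_cert('/CN=localhost', broker_key, 2, issuer: [ca_cert, ca_key], san: 'localhost')
  client_cert = make_cert('/CN=client', client_key, 3, issuer: [ca_cert, ca_key])
  rogue_ca    = make_cert('/CN=Rogue CA', rogue_key, 4, ca: true)
  broker = [broker_cert, broker_key, ca_cert]
  {
    server_auth_only:    run_scenario(*broker, require_client_cert: false, trusted_ca: ca_cert),
    mutual_tls:          run_scenario(*broker, require_client_cert: true, trusted_ca: ca_cert,
                                      client_cert: client_cert, client_key: client_key),
    missing_client_cert: run_scenario(*broker, require_client_cert: true, trusted_ca: ca_cert),
    untrusted_ca:        run_scenario(*broker, require_client_cert: false, trusted_ca: rogue_ca),
    wrong_hostname:      run_scenario(*broker, require_client_cert: false, trusted_ca: ca_cert,
                                      hostname: 'broker.example.test')
  }
end

demo.each { |name, outcome| puts "#{name}: #{outcome}" } if $PROGRAM_NAME == __FILE__
```

Two points worth noticing when adapting this to the post's file-based setup. First, on the client side VERIFY_PEER is what rejects the untrusted CA; VERIFY_FAIL_IF_NO_PEER_CERT only has an effect on the server, since a TLS server always presents a certificate. Second, neither flag checks that the certificate belongs to the host you dialled: that is post_connection_check here, or ctx.verify_hostname = true on openssl gem 2.0 and later, and skipping it leaves the connection open to any other certificate the same CA has issued. Swapping the in-memory store for ctx.ca_file = SSL_BROKER_CERT, or for ctx.ca_path with a c_rehash'd directory, changes nothing else in the flow.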
