jruby-openssl icon indicating copy to clipboard operation
jruby-openssl copied to clipboard

Published 20 hours ago verified publisher icon jruby

Create RSA-Private key from params is not consistent with MRI OpenSSL realization.

Open keklabs opened this issue 8 years ago • 2 comments

I have 2 issues when I tested creation of RSA-keys on MRI 2.2.1 and JRuby 1.7.21, and JRuby 9.0.4.0 with default jruby-openssl and with the newest jruby-openssl-0.9.16.

First: When used MRI, the following code is sufficient to create a private key based on the parameters:

 key = OpenSSL::PKey::RSA.new
key.n = 16392814382236358374286478730803635966603711995044711413386654394374880287878372336023310219369520823643014365109038249939771923112625957783519605641636158082722812184189890358562406335672039498139105719171672367833874466201684192375357453493553219779287031256753504682678244544469842055901221240242010672802266061038234693512631745482956828422293756194060107183438880064480485030426406255944643048653218232929571416141572226550298104151251626730276899490795429237649764313700744612730340304290991262155071464084535035491902714392752262555875756559291544731914349885459219342356167914776303057793750903380835015380701
 key.e =65537
 key.d = 8618252583120279045211721999326171128207438497173589449444392894978203157282898497607201330673922211554084867324288766676455156794566845834126798791256447910954338675958049228745101397616310189791764767292673931271131494163282250458411905642925007057011072553693974454761110758498381189802349479416794753061526312713535622995717068052785511496532407970427918998417500167003562630342324169972907289753972592321214423024654079495371639922476604560915291047108267516965503027775028095661282617111885974176605235774750009282350259044414663614861306402475637459919636821689898223153676100655942410611994011860476755660833
 key.p = 132106356086970934080529113113767671543189729940801356555861084230358960253053991490110442282763014785124544664539348319156184847180183093240148483184121376171748107816792353670476021656436183378967241363337588709812858493250698429034286853487509860631471302878750076908827526040503226980292707712800066682949
 key.q = 124088006571343989948415935206460345925594147824587283876555232030347109072063652423929644576634240551777312871119239923547341866853355315785686449366219245620573978883748622277003192004409349865578106425455425062821566043347049271895440458988018263802012572332584782764929400238092741442445235131100827793849
key.private?  => true

The parameters key.dmp1, key.dmq1, key.iqmp are optional, could be calculated from others. JRuby-OpenSSL requires all parameters to be specified.

The second Issues is: The order of the parameters affects behavior in Jruby-Openssl.

Following sample generates only PUBLIC key:

 key = OpenSSL::PKey::RSA.new
 key.n = 16392814382236358374286478730803635966603711995044711413386654394374880287878372336023310219369520823643014365109038249939771923112625957783519605641636158082722812184189890358562406335672039498139105719171672367833874466201684192375357453493553219779287031256753504682678244544469842055901221240242010672802266061038234693512631745482956828422293756194060107183438880064480485030426406255944643048653218232929571416141572226550298104151251626730276899490795429237649764313700744612730340304290991262155071464084535035491902714392752262555875756559291544731914349885459219342356167914776303057793750903380835015380701
 key.e =65537
 key.d = 8618252583120279045211721999326171128207438497173589449444392894978203157282898497607201330673922211554084867324288766676455156794566845834126798791256447910954338675958049228745101397616310189791764767292673931271131494163282250458411905642925007057011072553693974454761110758498381189802349479416794753061526312713535622995717068052785511496532407970427918998417500167003562630342324169972907289753972592321214423024654079495371639922476604560915291047108267516965503027775028095661282617111885974176605235774750009282350259044414663614861306402475637459919636821689898223153676100655942410611994011860476755660833
 key.p = 132106356086970934080529113113767671543189729940801356555861084230358960253053991490110442282763014785124544664539348319156184847180183093240148483184121376171748107816792353670476021656436183378967241363337588709812858493250698429034286853487509860631471302878750076908827526040503226980292707712800066682949
 key.q = 124088006571343989948415935206460345925594147824587283876555232030347109072063652423929644576634240551777312871119239923547341866853355315785686449366219245620573978883748622277003192004409349865578106425455425062821566043347049271895440458988018263802012572332584782764929400238092741442445235131100827793849
 key.dmp1 = 73578989118919282783885037259544189490967110522287122037963918039833418788729676325922934589703763762250577984116076298058181779632437299074597554559818094710181262974023139504092584990207570772221222275120140730970123147544699849804073099562095990551443695892093554897630687329759506709715800493349223096281
 key.dmq1 = 14340640581219149180910055285620804431701940516401789646780129200266246610491937431662162259844480796178668045315731925186498730481213866392431590818922815605386687154821124938981371992025823822907496194003378083003655053058738593242535758981571483742564402136914981531983082493909004435434643192135094217169
 key.iqmp = 55572426880344315601454592760746767319147313863910743939171621776634463496206488656258091317869942769801739835898523470608136694670529616883597084305133427346321420954157078445019131474343610330894518193395854421722989028318542144103806973023950571640311385841411043358681472214153242263539236579775123364941
key.private?  => false !

but if you put the "n" and "e" parameter as last, than it generates PRIVATE key.

key = OpenSSL::PKey::RSA.new
 key.d = 8618252583120279045211721999326171128207438497173589449444392894978203157282898497607201330673922211554084867324288766676455156794566845834126798791256447910954338675958049228745101397616310189791764767292673931271131494163282250458411905642925007057011072553693974454761110758498381189802349479416794753061526312713535622995717068052785511496532407970427918998417500167003562630342324169972907289753972592321214423024654079495371639922476604560915291047108267516965503027775028095661282617111885974176605235774750009282350259044414663614861306402475637459919636821689898223153676100655942410611994011860476755660833
 key.p = 132106356086970934080529113113767671543189729940801356555861084230358960253053991490110442282763014785124544664539348319156184847180183093240148483184121376171748107816792353670476021656436183378967241363337588709812858493250698429034286853487509860631471302878750076908827526040503226980292707712800066682949
 key.q = 124088006571343989948415935206460345925594147824587283876555232030347109072063652423929644576634240551777312871119239923547341866853355315785686449366219245620573978883748622277003192004409349865578106425455425062821566043347049271895440458988018263802012572332584782764929400238092741442445235131100827793849
 key.dmp1 = 73578989118919282783885037259544189490967110522287122037963918039833418788729676325922934589703763762250577984116076298058181779632437299074597554559818094710181262974023139504092584990207570772221222275120140730970123147544699849804073099562095990551443695892093554897630687329759506709715800493349223096281
 key.dmq1 = 14340640581219149180910055285620804431701940516401789646780129200266246610491937431662162259844480796178668045315731925186498730481213866392431590818922815605386687154821124938981371992025823822907496194003378083003655053058738593242535758981571483742564402136914981531983082493909004435434643192135094217169
 key.iqmp = 55572426880344315601454592760746767319147313863910743939171621776634463496206488656258091317869942769801739835898523470608136694670529616883597084305133427346321420954157078445019131474343610330894518193395854421722989028318542144103806973023950571640311385841411043358681472214153242263539236579775123364941
 key.n = 16392814382236358374286478730803635966603711995044711413386654394374880287878372336023310219369520823643014365109038249939771923112625957783519605641636158082722812184189890358562406335672039498139105719171672367833874466201684192375357453493553219779287031256753504682678244544469842055901221240242010672802266061038234693512631745482956828422293756194060107183438880064480485030426406255944643048653218232929571416141572226550298104151251626730276899490795429237649764313700744612730340304290991262155071464084535035491902714392752262555875756559291544731914349885459219342356167914776303057793750903380835015380701
 key.e =65537
 key.private?  => true

The problem is only in jruby implementation, not in MRI.

Want to see this issue fixed? Post a bounty on it! We accept bounties via Bountysource.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

keklabs avatar Mar 29 '16 15:03 keklabs

The second issue has been resolved by #82.

philr avatar Apr 01 '16 14:04 philr

key.dmp1, key.dmq1 and key.iqmp handling (first part of this issue) is still broken in 9.1.12.0

MSNexploder avatar Jul 09 '17 16:07 MSNexploder