
inconsistent treatment of EC vs RSA keys

Open mcr opened this issue 7 years ago • 8 comments

With RSA keys the public key is just an RSA object with no private key. The public key can always be derived from the private key. One can get PEM representations of each type by calling to_pem on the appropriate object:

2.4.1 :001 > key=OpenSSL::PKey::RSA.new(2048)
 => #<OpenSSL::PKey::RSA:0x00000005f4afb0>
2.4.1 :002 > key.private?
 => true
2.4.1 :003 > key.public?
 => true
2.4.1 :004 > key.public_key
 => #<OpenSSL::PKey::RSA:0x00000005e71828>
2.4.1 :005 > key.public_key.to_pem
 => "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9XttZBJPOUzIn6xJQpw\nRYpYlkKy2EC504oakZwp41R2mh84FHIPL1YoSQu27ItjzrGOfe/FLqX346x1+pZ5\nKXHAIC8os/sbbgDks0wqWDt0y0iKjF2U2lfj/VhOBhx9jMUe3MColMz5A2neuOnt\nIz6Dxtvw6a3HhrEQyChFwYBI38pAdydCxDltjtGKioZQG0mawwGjDMEH1EJpXpM3\nD8Ji5qlz8NTknw3ZBpnyzv7T16oe1uEprwLXjgbfLIncQEqD1SFNH6qMDRRhC1Xg\nQ3L/y7FTP2Knp95DzJARAco5q1wCOldUKFtsBG/ouSa9IArT5oZhR2r+XtikMSGu\nnQIDAQAB\n-----END PUBLIC KEY-----\n"

The same is not true for EC keys. The public part is represented by an EC::Point, which has no to_pem or to_der methods defined. Is this simply an oversight, or is there something I'm missing? The desire is to have Raw Public Keys in subjectPubKeyInfo DER coded format.

EC keys:
2.4.1 :007 > eckey=OpenSSL::PKey::EC.new('prime256v1')
 => #<OpenSSL::PKey::EC:0x00000005b958c0>
2.4.1 :010 > eckey.generate_key
 => #<OpenSSL::PKey::EC:0x00000005b958c0>

2.4.1 :013 > eckey.to_pem
 => "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIAEuk7UD7bcGVcI13zNLdVy9eWrPcl5UQ9hBPCv/Jv7boAoGCCqGSM49\nAwEHoUQDQgAEkwY+EU1oWzZGJbxB8VCs3DJWtoVt6wPLw+6eG01d8QUJEveeG+MI\nu8iesEHfPnY7snYn0bPnfjf/itE+m3FnKg==\n-----END EC PRIVATE KEY-----\n"
2.4.1 :014 > eckey.public_key
 => #<OpenSSL::PKey::EC::Point:0x000000059c8830 @group=#<OpenSSL::PKey::EC::Group:0x000000059c8808>>
2.4.1 :015 > eckey.public_key.to_pem
NoMethodError: undefined method `to_pem' for #<OpenSSL::PKey::EC::Point:0x00000005986a48>

#29 suggests that this has been solved, but I don't really think so until OpenSSL::PKey::EC::Point has a to_pem/to_der method.

mcr avatar Nov 14 '18 19:11 mcr
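The DER structure the post is asking for (a subjectPublicKeyInfo wrapping the EC point) can be assembled by hand with OpenSSL::ASN1, which is what an EC::Point#to_der would have to do internally. The following is an added example written for this thread; it is not code from ruby/openssl, from the openssl-additions gem, or from any participant. The helper names (ec_point_to_spki_der and friends) are this example's own, it assumes a named curve (explicit curve parameters are not handled), and it relies only on EC::Point#to_octet_string, which has been in ruby/openssl since 2.1.

```ruby
require 'openssl'

# Added example, not ruby/openssl project code. Builds the RFC 5480
# SubjectPublicKeyInfo for an EC public point by hand:
#
#   SubjectPublicKeyInfo ::= SEQUENCE {
#     algorithm        AlgorithmIdentifier,  -- id-ecPublicKey + namedCurve OID
#     subjectPublicKey BIT STRING }          -- 0x04 || X || Y (uncompressed)
#
# Assumption: the group is a named curve (group.curve_name is non-nil).
ID_EC_PUBLIC_KEY = '1.2.840.10045.2.1'.freeze

def ec_point_to_spki_der(point, group)
  curve = group.curve_name
  raise ArgumentError, 'only named curves are supported' if curve.nil?

  algorithm = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::ObjectId.new(ID_EC_PUBLIC_KEY),
    OpenSSL::ASN1::ObjectId.new(curve), # OpenSSL resolves the short name to its OID
  ])
  subject_public_key = OpenSSL::ASN1::BitString.new(point.to_octet_string(:uncompressed))
  OpenSSL::ASN1::Sequence.new([algorithm, subject_public_key]).to_der
end

# Same bytes in PEM framing (base64, 64 characters per line), i.e. the
# "-----BEGIN PUBLIC KEY-----" form the RSA example on this page produces.
def ec_point_to_spki_pem(point, group)
  body = [ec_point_to_spki_der(point, group)].pack('m0').scan(/.{1,64}/).join("\n")
  "-----BEGIN PUBLIC KEY-----\n#{body}\n-----END PUBLIC KEY-----\n"
end

# Sanity check: OpenSSL must parse the DER back into an EC key that carries
# the same point and no private scalar.
def spki_roundtrips?(point, group)
  parsed = OpenSSL::PKey.read(ec_point_to_spki_der(point, group))
  parsed.is_a?(OpenSSL::PKey::EC) &&
    !parsed.private? &&
    parsed.public_key.to_octet_string(:uncompressed) == point.to_octet_string(:uncompressed)
end

# ruby/openssl 3.0 and later added PKey#public_to_der; where it exists, the
# hand-built encoding must be byte-identical to what the library emits.
def spki_matches_builtin?(key)
  return true unless key.respond_to?(:public_to_der)

  key.public_to_der == ec_point_to_spki_der(key.public_key, key.group)
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::PKey::EC.generate('prime256v1')
  puts ec_point_to_spki_pem(key.public_key, key.group)
  puts "round trip ok:         #{spki_roundtrips?(key.public_key, key.group)}"
  puts "matches public_to_der: #{spki_matches_builtin?(key)}"
end
```

For prime256v1 the DER is 91 bytes (a 21-byte AlgorithmIdentifier plus a 65-byte uncompressed point inside the BIT STRING). Since ruby/openssl 3.0 every PKey class, EC included, has public_to_der and public_to_pem, which give the same encoding without building the ASN.1 by hand; the manual version above is what older releases such as the 2.x series in the transcript need.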

As pointed out in the linked issue, that OpenSSL::PKey::EC#public_key returns something completeeeeeetely different from what the other PKey subclasses #public_key methods return is a ship that has probably already sailed. However, a new method, OpenSSL::PKey#to_spki, which returned an instance of OpenSSL::X509::SPKI (or something of that nature) could provide the necessary API consistency. If a maintainer thinks that sounds wonderful, let me know and I'll whip up a PR (I'm pretty sure it can be done entirely in Ruby).

mpalmer avatar Dec 07 '18 10:12 mpalmer

It sounds awesome.

ioquatix avatar Nov 04 '19 02:11 ioquatix

I implemented this (along with a few other useful features I needed) in the openssl-additions gem (source repo). If anything in there is considered suitable for inclusion in core, I can provide a suitable relicencing.

mpalmer avatar Nov 06 '19 21:11 mpalmer

I don’t have time to cherry pick but instead rely on you with the knowledge about why it’s needed and how it’s implemented to make PRs. My goal is just to ensure timely and good quality code. So please feel free to make some PR to fix the issue and we can discuss further.

ioquatix avatar Nov 06 '19 22:11 ioquatix

Well, the thing is, what I have already implemented in openssl-additions works quite fine for me, and I don't have time to try and figure out what would or would not be acceptable for core, especially when the turnaround time on discussion appears to be on the order of months.

mpalmer avatar Nov 07 '19 10:11 mpalmer

Fair enough. If you have time feel free to submit PRs :)

ioquatix avatar Nov 07 '19 11:11 ioquatix

@mpalmer, I have also been frustrated by slow turnaround, but I also understand things from the other side of the fence (tcpdump and libpcap are way behind, and it's all my fault). I will go through your openssl-additions gem, which I think is at https://github.com/pwnedkeys/openssl-additions, and see if there are things there that I also want, and attempt to PR it.

mcr avatar Nov 23 '19 07:11 mcr

If PRs are good I can merge them within a week.

ioquatix avatar Nov 23 '19 07:11 ioquatix