class OpenSSL::PKey::EC

Public Instance Methods

to_pkcs8()
# File lib/keystores/jks/pkcs8_key.rb, line 20
def to_pkcs8
  integer = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new('0'))
  oid = OpenSSL::ASN1::ObjectId.new('id-ecPublicKey')
  curve_name = OpenSSL::ASN1::ObjectId.new(self.group.curve_name)
  sequence = OpenSSL::ASN1::Sequence.new([oid, curve_name])
  octet_string = OpenSSL::ASN1::OctetString.new(encode_private_key.to_der)
  OpenSSL::ASN1::Sequence.new([integer, sequence, octet_string])
end
to_pkcs8_der()
# File lib/keystores/jks/pkcs8_key.rb, line 29
def to_pkcs8_der
  to_pkcs8.to_der
end
to_pkcs8_pem()
# File lib/keystores/jks/pkcs8_key.rb, line 33
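def to_pkcs8_pem
  # OpenSSL::ASN1 objects only provide to_der, so wrap the DER in PEM armor
  body = [to_pkcs8_der].pack('m')
  "-----BEGIN PRIVATE KEY-----\n#{body}-----END PRIVATE KEY-----\n"
end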

Private Instance Methods

encode_private_key()

ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft):

ECPrivateKey ::= SEQUENCE {
  version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey OCTET STRING,
  parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
  publicKey [1] BIT STRING OPTIONAL
}

We currently ignore the optional parameters and publicKey fields. The parameters are encoded as part of the curve name, not in the private key structure, because Java expects them to be encoded this way.

# File lib/keystores/jks/pkcs8_key.rb, line 52
def encode_private_key
  version = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new('1'))
  # BN#to_s(2) yields the big-endian binary encoding of the private scalar
  # (leading zero bytes are not preserved)
  priv_key = OpenSSL::ASN1::OctetString(private_key.to_s(2))
  OpenSSL::ASN1::Sequence.new([version, priv_key])
end
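
The PKCS#8 layout produced by to_pkcs8 and encode_private_key above, as an added standalone example (not the gem's code): it builds the same structure, decodes it again to check each field, and, going beyond the original, left-pads the private scalar to the fixed length that SEC 1 specifies. The helper names ec_scalar_octets, ec_to_pkcs8_der and inspect_ec_pkcs8 are assumptions, and the key is a throwaway generated locally.

```ruby
require 'openssl'

# Added example, not the gem's code. Helper names are hypothetical.

# SEC 1 / RFC 5915 define privateKey as a fixed-length octet string, while
# BN#to_s(2) drops leading zero bytes, so left-pad to the group order size.
def ec_scalar_octets(scalar, group)
  size = (group.order.num_bits + 7) / 8
  scalar.to_s(2).rjust(size, "\x00".b)
end

# Build PrivateKeyInfo { 0, { id-ecPublicKey, curve }, OCTET STRING(ECPrivateKey) }.
def ec_to_pkcs8_der(key)
  inner = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new('1')), # ecPrivkeyVer1
    OpenSSL::ASN1::OctetString.new(ec_scalar_octets(key.private_key, key.group))
  ])
  algorithm = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::ObjectId.new('id-ecPublicKey'),
    OpenSSL::ASN1::ObjectId.new(key.group.curve_name) # named curve carries the parameters
  ])
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new('0')), # PKCS#8 version
    algorithm,
    OpenSSL::ASN1::OctetString.new(inner.to_der)
  ]).to_der
end

# Decode a PKCS#8 blob and return the fields worth checking before import.
def inspect_ec_pkcs8(der)
  version, algorithm, wrapped = OpenSSL::ASN1.decode(der).value
  inner = OpenSSL::ASN1.decode(wrapped.value).value
  {
    pkcs8_version: version.value.to_i,
    algorithm_oid: algorithm.value[0].oid,
    curve_oid: algorithm.value[1].oid,
    ec_version: inner[0].value.to_i,
    scalar_bytes: inner[1].value.bytesize,
    optional_fields: inner.length - 2 # parameters [0] and publicKey [1] are omitted
  }
end

KEY = OpenSSL::PKey::EC.generate('prime256v1') # throwaway key, generated locally
DER = ec_to_pkcs8_der(KEY)
FIELDS = inspect_ec_pkcs8(DER)
```

OpenSSL::PKey.read(DER) parses the result back into an EC key, which confirms that the omitted publicKey field is recomputed from the scalar on import.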