ruby : openssl binding

Install from the Ruby source tree.

deb1:~# cd ruby-1.8.6/ext/openssl
deb1:~/ruby-1.8.6/ext/openssl#

deb1:~/ruby-1.8.6/ext/openssl# apt-get install libssl-dev
Reading package lists… Done
Building dependency tree… Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

deb1:~/ruby-1.8.6/ext/openssl# ruby extconf.rb
=== OpenSSL for Ruby configurator ===
=== Checking for system dependent stuff… ===
checking for t_open() in -lnsl… no
checking for socket() in -lsocket… no
checking for assert.h… yes
=== Checking for required stuff… ===
checking for openssl/ssl.h… yes
checking for OpenSSL_add_all_digests() in -lcrypto… yes
checking for SSL_library_init() in -lssl… yes
checking for openssl/conf_api.h… yes
=== Checking for OpenSSL features… ===
checking for ERR_peek_last_error()… yes
checking for BN_mod_add()… yes
checking for BN_mod_sqr()… yes
checking for BN_mod_sub()… yes
checking for BN_pseudo_rand_range()… yes
checking for BN_rand_range()… yes
checking for CONF_get1_default_config_file()… yes
checking for EVP_CIPHER_CTX_copy()… no
checking for EVP_CIPHER_CTX_set_padding()… yes
checking for EVP_CipherFinal_ex()… yes
checking for EVP_CipherInit_ex()… yes
checking for EVP_DigestFinal_ex()… yes
checking for EVP_DigestInit_ex()… yes
checking for EVP_MD_CTX_cleanup()… yes
checking for EVP_MD_CTX_create()… yes
checking for EVP_MD_CTX_destroy()… yes
checking for EVP_MD_CTX_init()… yes
checking for HMAC_CTX_cleanup()… yes
checking for HMAC_CTX_copy()… no
checking for HMAC_CTX_init()… yes
checking for PEM_def_callback()… yes
checking for X509V3_set_nconf()… yes
checking for X509V3_EXT_nconf_nid()… yes
checking for X509_CRL_add0_revoked()… yes
checking for X509_CRL_set_issuer_name()… yes
checking for X509_CRL_set_version()… yes
checking for X509_CRL_sort()… yes
checking for X509_STORE_get_ex_data()… no
checking for X509_STORE_set_ex_data()… no
checking for OBJ_NAME_do_all_sorted()… yes
checking for OPENSSL_cleanse()… yes
checking for openssl/engine.h… yes
checking for ENGINE_add()… yes
checking for ENGINE_load_builtin_engines()… yes
checking for ENGINE_load_openbsd_dev_crypto()… no
checking for ENGINE_get_digest()… yes
checking for ENGINE_get_cipher()… yes
checking for ENGINE_cleanup()… yes
checking for openssl/ocsp.h… yes
checking for EVP_CIPHER_CTX.flags in openssl/evp.h… yes
checking for EVP_CIPHER_CTX.engine in openssl/evp.h… yes
checking for X509_ATTRIBUTE.single in openssl/x509.h… yes
=== Checking done. ===
creating extconf.h
creating Makefile
Done.

deb1:~/ruby-1.8.6/ext/openssl# make
gcc -shared -rdynamic -Wl,-export-dynamic   -L'/usr/local/lib' -Wl,-R'/usr/local/lib' -o openssl.so ossl_ocsp.o ossl_pkey_dsa.o ossl_digest.o ossl_asn1.o ossl_pkey_rsa.o ossl_x509crl.o ossl_bn.o ossl_pkey_dh.o ossl_pkcs12.o ossl_x509cert.o ossl_x509attr.o ossl_pkcs7.o ossl_rand.o ossl_x509req.o ossl_pkey.o ossl_x509store.o ossl_ns_spki.o ossl_hmac.o ossl_engine.o ossl_x509.o ossl.o ossl_x509name.o openssl_missing.o ossl_x509ext.o ossl_x509revoked.o ossl_cipher.o ossl_config.o ossl_ssl.o ossl_bio.o  -lssl -lcrypto  -ldl -lcrypt -lm   -lc

deb1:~/ruby-1.8.6/ext/openssl# make install
/usr/bin/install -c -m 0755 openssl.so /usr/local/lib/ruby/site_ruby/1.8/i686-linux
mkdir -p /usr/local/lib/ruby/site_ruby/1.8/net
mkdir -p /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/net/telnets.rb /usr/local/lib/ruby/site_ruby/1.8/net
/usr/bin/install -c -m 644 ./lib/net/ftptls.rb /usr/local/lib/ruby/site_ruby/1.8/net
/usr/bin/install -c -m 644 ./lib/openssl/ssl.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl/bn.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl/digest.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl/x509.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl/buffering.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl/cipher.rb /usr/local/lib/ruby/site_ruby/1.8/openssl
/usr/bin/install -c -m 644 ./lib/openssl.rb /usr/local/lib/ruby/site_ruby/1.8

deb1:~# mkdir openssl
deb1:~# cd openssl/
deb1:~/openssl# date | openssl dgst > rnd.txt
deb1:~/openssl# more rnd.txt
ae1fdbfaca0f88ab5b30e82c0f602feb

deb1:~/openssl# openssl genrsa -rand rnd.txt -out pri.pem
33 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
………..++++++++++++
..++++++++++++
e is 65537 (0x10001)

deb1:~/openssl# more pri.pem
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBALXHMwxWPurLhJ+kQncSVizQAr4UeujoFwn6FXnOjThYHD0k36F5
(omitted)
orRMdBwaYbSBy9fFuv8+3ozw/dWNGd6el86Xl7WBGYo=
-----END RSA PRIVATE KEY-----

deb1:~/openssl# openssl req -new -key pri.pem -out csr.pem -subj "/CN=hdknr.com /OU=sys.hdknr.com /O=sys  /C=JP"

deb1:~/openssl# more csr.pem
-----BEGIN CERTIFICATE REQUEST-----
MIIBBTCBsAIBADBLMRMwEQYDVQQDEwpoZGtuci5jb20gMRcwFQYDVQQLEw5zeXMu
(omitted)
tlzKZLUD3o6hf1DTjY2nEgKdES0CidBdCg==
-----END CERTIFICATE REQUEST-----

deb1:~/openssl# openssl x509 -in csr.pem -out cert.pem -req -signkey pri.pem
Signature ok
subject=/CN=hdknr.com /OU=sys.hdknr.com /O=sys  /C=JP
Getting Private key

deb1:~/openssl# more cert.pem
-----BEGIN CERTIFICATE-----
MIIBiDCCATICCQCePRRtT6UoLTANBgkqhkiG9w0BAQUFADBLMRMwEQYDVQQDEwpo
(omitted)
jiEBYeicxPAPNhVB
-----END CERTIFICATE-----

deb1:~/openssl# openssl x509 -pubkey -in cert.pem > pub.pem
deb1:~/openssl# more pub.pem
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALXHMwxWPurLhJ+kQncSVizQAr4Ueujo
Fwn6FXnOjThYHD0k36F5EEVE2/nqu636LAntROfu/HGx4VgPzYWWFOUCAwEAAQ==
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIIBiDCCATICCQCePRRtT6UoLTANBgkqhkiG9w0BAQUFADBLMRMwEQYDVQQDEwpo
jiEBYeicxPAPNhVB
-----END CERTIFICATE-----

 

Verification

deb1:~/openssl# irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> pri=OpenSSL::PKey::RSA.new(File::open('pri.pem').read)
=> -----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBALXHMwxWPurLhJ+kQncSVizQAr4UeujoFwn6FXnOjThYHD0k36F5
EEVE2/nqu636LAntROfu/HGx4VgPzYWWFOUCAwEAAQJBAIoQp4w6QYVyWOQsDbOE
wOE+iKa4xXX7OeyA/yjKImbk9ETf44G79MmPTBiDb76IPLYSu0jL06tKgG2pvAEn
nI0CIQDs3gH30Ug3VL+fuXJhmy11oJ4uB2i1iwaMx3EL4mh4XwIhAMR2DB199T+V
s20EpQ2NRL4IFvfBIacqe7AGrOlWGQk7AiEA2w11RHmHD6SQkmYuIZYgtGeV4Xt4
mmu34vmO0i7P7oECIBtVSS45PgvQqhv6z3PpOa0utvNVXXdCg97jrt7v6Z/NAiEA
orRMdBwaYbSBy9fFuv8+3ozw/dWNGd6el86Xl7WBGYo=
-----END RSA PRIVATE KEY-----

irb(main):003:0> pub=OpenSSL::PKey::RSA.new(File::open('pub.pem').read)
=> -----BEGIN RSA PUBLIC KEY-----
MEgCQQC1xzMMVj7qy4SfpEJ3ElYs0AK+FHro6BcJ+hV5zo04WBw9JN+heRBFRNv5
6rut+iwJ7UTn7vxxseFYD82FlhTlAgMBAAE=
-----END RSA PUBLIC KEY-----

irb(main):004:0>  h=OpenSSL::Digest::SHA1.new
=> da39a3ee5e6b4b0d3255bfef95601890afd80709
irb(main):005:0> data='hdknr'
=> "hdknr"
irb(main):006:0> sig=pri.sign(h,data)
=> "20\221\366\344\345\226N\243\336\270\317\366L\26325\300S\310\241\324\233o17\376\32630A22\3600316.i\257M\203 27?W04\237\205(\365\31020\266QJ\354\261\205q134`\322f\326O\347t\237"
irb(main):007:0> p pub.verify(h,sig,data)
true
=> nil
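
The same key, self-signed certificate and sign/verify round trip done entirely through the Ruby binding, as an added example that is not part of the original post. It uses a 2048-bit key and SHA-256 where the session above uses a 512-bit key and SHA-1, which are no longer adequate; the subject name, key size and helper names are assumptions chosen here.

```ruby
require 'openssl'
require 'securerandom'

# Constructed sample values (assumptions, not taken from the session above).
SUBJECT  = '/CN=example.test/O=example/C=JP'
KEY_BITS = 2048

# In-Ruby equivalent of `openssl req -new` + `openssl x509 -req -signkey`:
# a certificate whose issuer and subject are the same name, signed by its own key.
def self_signed_cert(key, subject, days = 30)
  name = OpenSSL::X509::Name.parse(subject)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = SecureRandom.random_number(2**63) + 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Generate a key, issue the certificate, then verify a signature using only
# the public key recovered from the certificate's PEM text.
def sign_and_verify(data = 'hdknr', key_bits = KEY_BITS)
  key  = OpenSSL::PKey::RSA.new(key_bits)
  cert = OpenSSL::X509::Certificate.new(self_signed_cert(key, SUBJECT).to_pem)
  pub  = cert.public_key

  sig = key.sign(OpenSSL::Digest.new('SHA256'), data)
  {
    bits:        pub.n.num_bits,
    self_signed: cert.verify(pub), # certificate signature checks against its own key
    good:        pub.verify(OpenSSL::Digest.new('SHA256'), sig, data),
    tampered:    pub.verify(OpenSSL::Digest.new('SHA256'), sig, data + '!'),
    public_only: !pub.private?
  }
end

p sign_and_verify if __FILE__ == $PROGRAM_NAME
```

The `tampered` entry shows that `verify` returns false, rather than raising, when the data no longer matches the signature.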
