Net::SSH update

Well, the thunderous silence that followed my query prompted me to continue with my self-assigned task to implement Net::SSH in solitude.

However, I'm rapidly learning *why* Net::SSH has never, to date, been implemented in Ruby--the OpenSSL module for Ruby leaves out some very key features (no pun intended), namely:

   1) It is frankly impossible to create an empty DH key with the Ruby OpenSSL interface, and

   2) There is no hook into the RSA_verify method.

Those are the two stumpers I've run into so far, and I have no doubt I'll run into more.

So, given this situation, which is the recommended course of action?

   1) Add the missing features to Ruby/OpenSSL and then submit patches, hoping they'll get integrated into the main distro, or

   2) Create my own binary module that provides the necessary features of OpenSSL, and distribute it as part of Net::SSH.

Any opinions?

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

ruby -h | ruby -e 'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a << r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'

   1) Add the missing features to Ruby/OpenSSL and then submit patches,
hoping they'll get integrated into the main distro, or

This option. Definitely. Why reinvent the wheel?

I forgot to point you to this thread on ruby-core:
http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/2804?2699-2915+split-mode-vertical

It seems there is someone working on RSA stuff at least, that may be of
help to you. Sorry for ignoring the other message, my memory is bad :confused:

On Sat, 5 Jun 2004 22:11:56 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:

Well, the thunderous silence that followed my query prompted me to
continue with my self-assigned task to implement Net::SSH in solitude.

Hi,
I'm a maintainer of the OpenSSL module.

In message <40C1C675.2000006@email.byu.edu>,

Well, the thunderous silence that followed my query prompted me to
continue with my self-assigned task to implement Net::SSH in solitude.

However, I'm rapidly learning *why* Net::SSH has never, to date, been
implemented in Ruby--the OpenSSL module for Ruby leaves out some very
key features (no pun intended), namely:

   1) It is frankly impossible to create an empty DH key with the Ruby
OpenSSL interface, and

   2) There is no hook into the RSA_verify method.

Is OpenSSL::PKey::RSA#verify not enough?

  require "openssl"
  rsa = OpenSSL::PKey::RSA.new(512)
  data = File.read(__FILE__)
  signature = rsa.sign(OpenSSL::Digest::SHA1.new, data)
  p rsa.verify(OpenSSL::Digest::SHA1.new, signature, data)

   1) Add the missing features to Ruby/OpenSSL and then submit patches,
hoping they'll get integrated into the main distro, or

I hope this. I would be glad if you can help to improve our code.

regards,

`Jamis Buck <jgb3@email.byu.edu>' wrote:

--
gotoyuzo

gabriele renzi wrote:

I forgot to point you to this thread on ruby-core:
http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/2804?2699-2915+split-mode-vertical

Um... maybe I'm just looking at it wrong, but it doesn't look like that thread has anything to do with openssl or RSA... Could you double check it, and if it is correct, help me understand how it applies?

It seems there is someone working on RSA stuff at least, that may be of
help to you. Sorry for ignoring the other message, my memory is bad :confused:

No worries. :) The list has been pretty busy lately--I just figured my lone message got out-shouted by the really busy threads.

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

ruby -h | ruby -e 'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a << r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'

GOTOU Yuuzou wrote:

Is OpenSSL::PKey::RSA#verify not enough?

  require "openssl"
  rsa = OpenSSL::PKey::RSA.new(512)
  data = File.read(__FILE__)
  signature = rsa.sign(OpenSSL::Digest::SHA1.new, data)
  p rsa.verify(OpenSSL::Digest::SHA1.new, signature, data)

I actually discovered this shortly after my original post. I missed it because I was grepping the sources for "RSA_verify", but OpenSSL::PKey.verify uses the EVP_Verify... family of functions, instead.

It should do nicely. Thanks. :)

I've already patched OpenSSL::PKey::DH and OpenSSL::PKey::RSA to allow creation of empty keys, and I added some new accessors to OpenSSL::PKey::DH. The modifications seem to be working so far.

What is the best way to submit these changes? And against which version of the sources should I be working?

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

ruby -h | ruby -e 'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a << r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
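
Added example, not part of the original thread or of Net::SSH: the two needs discussed above (a key built from bare components, then a verify call) combined for an SSH host key. It assumes the current Ruby openssl gem; `read_field`, `rsa_from_ssh_blob`, `demo` and the sample data are constructed for illustration.

```ruby
require "openssl"

# Read one SSH wire field: uint32 big-endian length, then that many bytes.
def read_field(buf, pos)
  raise ArgumentError, "truncated blob" if pos + 4 > buf.bytesize
  len = buf.byteslice(pos, 4).unpack1("N")
  raise ArgumentError, "truncated blob" if pos + 4 + len > buf.bytesize
  [buf.byteslice(pos + 4, len), pos + 4 + len]
end

# Build a public-only RSA key from an "ssh-rsa" blob: string type, mpint e, mpint n.
def rsa_from_ssh_blob(blob)
  buf = blob.b
  type, pos = read_field(buf, 0)
  raise ArgumentError, "not an ssh-rsa key" unless type == "ssh-rsa"
  e_raw, pos = read_field(buf, pos)
  n_raw, pos = read_field(buf, pos)
  raise ArgumentError, "trailing bytes" unless pos == buf.bytesize
  e, n = [e_raw, n_raw].map do |raw|
    # mpints are two's complement; a set top bit would mean a negative value.
    raise ArgumentError, "bad mpint" if raw.empty? || raw.getbyte(0) >= 0x80
    OpenSSL::BN.new(raw, 2)
  end
  # PKCS#1 RSAPublicKey is SEQUENCE { n, e }; RSA.new parses its DER form.
  der = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(n),
                                 OpenSSL::ASN1::Integer(e)]).to_der
  OpenSSL::PKey::RSA.new(der)
end

# Constructed sample: a throwaway key stands in for the server's host key.
def demo
  host_key = OpenSSL::PKey::RSA.new(2048)
  # BN#to_s(0) emits OpenSSL's MPI form, which matches an SSH mpint here.
  blob = [7].pack("N") + "ssh-rsa" + host_key.e.to_s(0) + host_key.n.to_s(0)
  data = "constructed exchange hash"
  sha = -> { OpenSSL::Digest.new("SHA256") }
  sig = host_key.sign(sha.call, data)
  pub = rsa_from_ssh_blob(blob)
  [pub.private?, pub.verify(sha.call, sig, data), pub.verify(sha.call, sig, data + "x")]
end

p demo if $PROGRAM_NAME == __FILE__
```

The rebuilt key holds no private part, accepts the genuine signature, and rejects the same signature over altered data.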

Oops, sorry, this was the one:
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/2748

It seems Mr. Evan Webb is working on Crypt::RSA, you could find it
here:
http://dark-ruby.org/

On Sun, 6 Jun 2004 00:01:48 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:

gabriele renzi wrote:

I forgot to point you to this thread on ruby-core:
http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/2804?2699-2915+split-mode-vertical

Um... maybe I'm just looking at it wrong, but it doesn't look like that
thread has anything to do with openssl or RSA... Could you double check
it, and if it is correct, help me understand how it applies?

In message <40C302F1.9000705@email.byu.edu>,

I've already patched OpenSSL::PKey::DH and OpenSSL::PKey::RSA to allow
creation of empty keys, and I added some new accessors to
OpenSSL::PKey::DH. The modifications seem to be working so far.

What is the best way to submit these changes? And against which version
of the sources should I be working?

Please post it to this mailing list. I'll examine it for
Ruby 1.9. If the patch simply adds features and is stable,
it will be integrated into the ruby_1_8 branch.

I'm making unit tests for the OpenSSL module now; however, I
haven't touched PKeys yet. Could you also add test code for
the new features?

regards,

`Jamis Buck <jgb3@email.byu.edu>' wrote:

--
gotoyuzo