From: Martin Bosslet
Date: 2012-02-09T10:59:06+09:00
Subject: [ruby-core:42453] [ruby-trunk - Bug #5951][Assigned] Exported RSA keys allow pass phrases that are too short

Issue #5951 has been updated by Martin Bosslet.

Status changed from Open to Assigned

Aah, that's bad. You can override the check for four characters by
passing the password as an additional parameter (probably not what
you want) or by giving a block that returns the password to PKey.new.

Other than that, I fear the only option to get consistent behavior
here is to either require passwords to be at least four characters
long everywhere, or to override OpenSSL's default PEM callback
entirely and to provide our own.

The first acknowledges the four character restriction as a sort of
"viral constraint", something I'd like to avoid. The second solution
could be based on a call to gets or something. I'd prefer that. What
do you think?

----------------------------------------
Bug #5951: Exported RSA keys allow pass phrases that are too short
https://bugs.ruby-lang.org/issues/5951

Author: Eric Hodel
Status: Assigned
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version:
ruby -v: ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]

=begin
Exporting a key with this code:

  cipher = OpenSSL::Cipher::Cipher.new 'AES-128-CBC'
  pass_phrase = 'woo'

  key_secure = key.export cipher, pass_phrase

  open 'private.secure.pem', 'w' do |io|
    io.write key_secure
  end

Is not loadable:

  $ ruby20 -v -ropenssl -e 'OpenSSL::PKey::RSA.new File.read "private.secure.pem"'
  ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]
  Enter PEM pass phrase: # I typed woo
  phrase is too short, needs to be at least 4 chars
=end

--
http://bugs.ruby-lang.org/
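
Added example, not part of the original message or of Ruby's own code: a caller-side guard that refuses to export a key with a pass phrase the interactive PEM prompt would later reject, plus a loader that supplies the pass phrase as a parameter or block so the prompt is never used. The helper names and `MIN_PEM_PASS_LEN` are hypothetical; the value 4 is taken from the error message in the report above.

```ruby
require 'openssl'

# Assumption: minimum length accepted by the interactive PEM prompt,
# as quoted in the report ("needs to be at least 4 chars").
MIN_PEM_PASS_LEN = 4

# Hypothetical helper: export an encrypted private key only if the pass
# phrase is long enough to be typed back at the interactive prompt.
def export_private_key(key, pass_phrase, cipher_name = 'AES-128-CBC')
  if pass_phrase.nil? || pass_phrase.bytesize < MIN_PEM_PASS_LEN
    raise ArgumentError,
          "pass phrase must be at least #{MIN_PEM_PASS_LEN} bytes"
  end
  key.export(OpenSSL::Cipher.new(cipher_name), pass_phrase)
end

# Hypothetical helper: load an encrypted key without the interactive
# prompt. The pass phrase comes either from the second argument or from
# a block that returns it.
def load_private_key(pem, pass_phrase = nil, &block)
  if pass_phrase.nil? && block.nil?
    raise ArgumentError, 'supply a pass phrase or a block'
  end
  if block
    OpenSSL::PKey::RSA.new(pem, &block)
  else
    OpenSSL::PKey::RSA.new(pem, pass_phrase)
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key for the demonstration

  begin
    export_private_key(key, 'woo') # the pass phrase from the report
  rescue ArgumentError => e
    puts "export refused: #{e.message}"
  end

  pem = export_private_key(key, 'woo!') # constructed 4-byte pass phrase
  same = load_private_key(pem, 'woo!').to_der == key.to_der
  puts "round trip with parameter: #{same}"
  same = load_private_key(pem) { 'woo!' }.to_der == key.to_der
  puts "round trip with block: #{same}"
end
```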