From: "MartinBosslet (Martin Bosslet)" Date: 2013-03-28T09:14:55+09:00 Subject: [ruby-core:53787] [ruby-trunk - Bug #8177][Assigned] ext/openssl/pkcs7 signing fails with EC keys Issue #8177 has been updated by MartinBosslet (Martin Bosslet). Category set to ext Status changed from Open to Assigned Assignee set to MartinBosslet (Martin Bosslet) Hi Joseph, thanks for your analysis! You are right, there are several incosistencies when comparing EC's implementation to the PKey interface as it is implemented in RSA or DSA. I actually opened #6567 some time ago, collecting several of these inconsistencies. Fixing them completely will take some refactoring, but I'll certainly consider your pull request for that - thanks a lot for your work! Please feel free to skim through the issues I opened myself, I'd appreciate your input! ---------------------------------------- Bug #8177: ext/openssl/pkcs7 signing fails with EC keys https://bugs.ruby-lang.org/issues/8177#change-37980 Author: Jacob640 (Joseph Coyle) Status: Assigned Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: ext Target version: current: 2.1.0 ruby -v: ruby 2.1.0dev (2013-03-27 trunk 39950) [x86_64-darwin11.4.2] ext/openssl/pkcs7 signing fails with EC keys. This happens because the EC keys do not respond to key.private? method which is used to check that the key is a private key. Aliasing the instance method OpenSSL::PKey::EC.private_key? as OpenSSL::PKey::EC.private? fixes this problem and allows EC keys to be used for EC key signing. This problem is demonstrated at https://gist.github.com/Jacob640/5239454 One potential fix which makes the key interface more consistent is here: https://github.com/ruby/ruby/pull/265 This request also improves the EC public key interface by producing a warning if the public key is set before setting an EC group as required. -- http://bugs.ruby-lang.org/