creating certificates and public and private keys

[Adam Akhtar]

Hi im going to have to create a lot of public and private keys for
clients and would like to automate the process by using a script (in
ruby of course).

This is for an openvpn setup and currently ive been MANUALY creating
keys with the easy-rsa bat file that comes with it but id like to
automate it.

Is there a ruby libary available that would allow me to create public
and private keys if i already have a CA. Would openvpn recognize these
keys (are keys, keys no matter what language they are created in??? im
not hot on cryptology)

The other option would be to just execute the bat file from my ruby
script and simulate the keyboard to respond to the various prompts. I
havent doent this before so im not sure if this is easier or harder than
above. Any tips or pointers will really help!

 

[Dave English]

Hi im going to have to create a lot of public and private keys for
clients and would like to automate the process by using a script (in
ruby of course).

This is for an openvpn setup and currently ive been MANUALY creating
keys with the easy-rsa bat file that comes with it but id like to
automate it.

Is there a ruby libary available that would allow me to create public
and private keys if i already have a CA. Would openvpn recognize these
keys (are keys, keys no matter what language they are created in??? im
not hot on cryptology)

The other option would be to just execute the bat file from my ruby
script and simulate the keyboard to respond to the various prompts. I
havent doent this before so im not sure if this is easier or harder than
above. Any tips or pointers will really help!

I haven't done this myself.

But the common Swiss army knife for this is OpenSSL.

Ruby provides Ruby::OpenSSL. Apparently that library isn't the easiest
to use, but http://rubyforge.org/projects/sslplaypen/ has examples which
may help.

The alternative is to use drive the openssl command line, that may be
easier as there are plenty of examples for generating keys using
OpenSSL. The nascent http://rubyforge.org/projects/simplessl/ used the
openssl command line & might be a good starting point.

Other here may well know better, of course

 

[Eleanor McHugh]

In message <[email protected]>, Adam =
=20
I haven't done this myself.
=20
But the common Swiss army knife for this is OpenSSL.
=20
Ruby provides Ruby::OpenSSL. Apparently that library isn't the =

easiest to use, but http://rubyforge.org/projects/sslplaypen/ has =
examples which may help.

=20
The alternative is to use drive the openssl command line, that may be =

easier as there are plenty of examples for generating keys using =
OpenSSL. The nascent http://rubyforge.org/projects/simplessl/ used the =
openssl command line & might be a good starting point.

=20
Other here may well know better, of course

Ruby::OpenSSL is not the friendliest of libraries due to a lack of =
detailed documentation but you can find some coverage by Romek (the =
author of SSL PlayPen) and myself in the "Semantic DNS" presentation =
available at the link in my signature. That's mostly to do with ad hoc =
key generation in a hybrid crypto system but there may be something =
there that could be useful for a CA scenario.


Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net

 

[Dave English]

Ruby::OpenSSL is not the friendliest of libraries due to a lack of
detailed documentation but you can find some coverage by Romek (the
author of SSL PlayPen) and myself in the "Semantic DNS" presentation
available at the link in my signature. That's mostly to do with ad hoc
key generation in a hybrid crypto system but there may be something
there that could be useful for a CA scenario.

Ah, what a small world.

I enjoyed your flashtalk at the BCS earlier this year on Ruby & Unix
file handles. I guess it was a part of your current "The Ruby Guide to
*nix Plumbing", I'll have to have a look at the rest of your slides.

For myself I will have a look through the earlier Semantic web ones too.

Regards

 

[yermej]

But the common Swiss army knife for this is OpenSSL.

Ruby provides Ruby::OpenSSL.  Apparently that library isn't the easiest
to use, buthttp://rubyforge.org/projects/sslplaypen/has examples which
may help.

There are also some example uses of Ruby's OpenSSL library in the Ruby
source tarball:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/sample/openssl/

 

[Eleanor McHugh]

In message =

detailed documentation but you can find some coverage by Romek (the =
author of SSL PlayPen) and myself in the "Semantic DNS" presentation =
available at the link in my signature. That's mostly to do with ad hoc =
key generation in a hybrid crypto system but there may be something =
there that could be useful for a CA scenario.

=20
Ah, what a small world.
=20
I enjoyed your flashtalk at the BCS earlier this year on Ruby & Unix =

file handles. I guess it was a part of your current "The Ruby Guide to =
*nix Plumbing", I'll have to have a look at the rest of your slides.

It was the five-minute distillation of the usual 45-minute talk. =
Apparently standing on stage and saying "malloc" a lot is the bit people =
like most. DL::malloc still makes me smile whenever I use it lol

London could do with a few more multi-language meetups like that.

For myself I will have a look through the earlier Semantic web ones =

too.

Just to reiterate so there's no confusion, it's a Semantic DNS =
presentation: i.e. it discusses some of the basics of how to use the DNS =
tree as an application platform backed by coverage of crypto and network =
programming in Ruby. There's some blue sky research it's based on that =
we keep meaning to write up properly but Romek and I are lousy at that =
sort of thing


Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
http://www.linkedin.com/in/eleanormchugh