Issue #5951 has been updated by Martin Bosslet.

Status changed from Open to Assigned

Aah, that's bad. You can override the check for four characters by passing the password as an additional parameter (probably not what you want) or by giving a block that returns the password to PKey.new.
Other than that, I fear the only option to get consistent behavior here is to either require passwords to be at least four characters long everywhere, or to override OpenSSL's default PEM callback entirely and to provide our own.

The first acknowledges the four-character restriction as a sort of "viral constraint", something I'd like to avoid. The second solution could be based on a call to gets or something. I'd prefer that.

What do you think? 
----------------------------------------
Bug #5951: Exported RSA keys allow pass phrases that are too short
https://bugs.ruby-lang.org/issues/5951

Author: Eric Hodel
Status: Assigned
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version: 
ruby -v: ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]


=begin

Exporting a key with this code:

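  require 'openssl'

  # The report does not show how the key was created; a fresh 2048-bit key is assumed.
  key = OpenSSL::PKey::RSA.new 2048

  cipher = OpenSSL::Cipher::Cipher.new 'AES-128-CBC'
  pass_phrase = 'woo' # three characters, shorter than the prompt accepts on load

  # Export succeeds even though the pass phrase is too short for the load prompt
  key_secure = key.export cipher, pass_phrase

  open 'private.secure.pem', 'w' do |io|
    io.write key_secure
  end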

Is not loadable:

  $ ruby20 -v -ropenssl -e 'OpenSSL::PKey::RSA.new File.read "private.secure.pem"' 
  ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]
  Enter PEM pass phrase: # I typed woo
  phrase is too short, needs to be at least 4 chars

=end



-- 
http://bugs.ruby-lang.org/
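
Added example, not part of the original report or of Ruby's openssl extension: the two ways of supplying the pass phrase without the interactive prompt that the comment above mentions (an extra parameter, or a block), plus a length check on export that matches the four-character minimum from the quoted error message. The helper names, the constant and the sample pass phrase are assumptions made for illustration.

```ruby
require 'openssl'

# Minimum taken from the error message quoted in the report
# ("needs to be at least 4 chars"); counted in bytes here (assumption).
MIN_PASS_PHRASE_BYTES = 4

# Hypothetical helper: reject on export any pass phrase that the
# interactive PEM prompt would later refuse on load.
def export_encrypted(key, pass_phrase)
  if pass_phrase.nil? || pass_phrase.bytesize < MIN_PASS_PHRASE_BYTES
    raise ArgumentError,
          "pass phrase must be at least #{MIN_PASS_PHRASE_BYTES} bytes"
  end
  key.export(OpenSSL::Cipher.new('AES-128-CBC'), pass_phrase)
end

# Pass phrase given as the second parameter: no prompt is shown.
def load_with_parameter(pem, pass_phrase)
  OpenSSL::PKey::RSA.new(pem, pass_phrase)
end

# Pass phrase returned by a block: the block replaces the default prompt,
# so the caller decides where the secret comes from.
def load_with_block(pem, &pass_source)
  OpenSSL::PKey::RSA.new(pem) { pass_source.call }
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  sample = 'woo!' # constructed sample pass phrase, four bytes

  pem = export_encrypted(key, sample)
  puts "parameter: #{load_with_parameter(pem, sample).to_der == key.to_der}"
  puts "block:     #{load_with_block(pem) { sample }.to_der == key.to_der}"

  begin
    export_encrypted(key, 'woo') # the three-character phrase from the report
  rescue ArgumentError => e
    puts "rejected on export: #{e.message}"
  end
end
```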