Issue #4421 has been updated by Martin Bosslet.


Nathaniel Talbott wrote:
> FYI, this does seem to break compatibility if you're using a fingerprint of the key for something, since (I just learned) key fingerprints are dependent on the format the key is stored in (since the fingerprint is based on the MD5 of the der-encoded key). Not sure there's much that can be done, but figured I'd leave this note here for anyone else that comes along later and encounters breakage due to this.
> 
> Our solution is to do a temporary hack to continue to spit out the old fingerprint, and migrate to a fingerprint based on the new format. Tricky, but doable.

Yes, unfortunately this broke things like fingerprints - someone approached me about a similar issue not that long ago. What might help in the process of migration is the fact that it is not too hard to port the pre-1.9.3 format to the newer X.509 public key format [1]. Similarly, you could also do the "downgrade" from the 1.9.3 format to the PKCS#1 format used by pre-1.9.3, allowing you to keep the old fingerprints. 

If this would help you in your migration process and you need the latter instead of the former, let me know, I could also provide a code sample for that case.

-Martin 

[1] https://gist.github.com/1470287
----------------------------------------
Bug #4421: [ext/openssl] Fix RSA public key encoding
https://bugs.ruby-lang.org/issues/4421

Author: Martin Bosslet
Status: Closed
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version: 1.9.3
ruby -v: -


=begin
 When calling RSA#to_der and RSA#to_pem on RSA public keys, they currently
 get encoded using i2d_RSAPublicKey and PEM_write_bio_RSAPublicKey. This encoding
 was specified in PKCS#1 and is specific to RSA. It is also not the default 
 encoding used by OpenSSL itself, which rather uses the generic format generated
 by i2d_RSA_PUBKEY and PEM_write_bio_RSA_PUBKEY. This format is the same that is
 used in a certificate's SubjectPublicKeyInfo, the advantage being that the format
 is generic and can be used to represent public keys of all kinds, including RSA,
 DSA and Elliptic Curve.
 
 The attached patch will make use of the generic format for encoding RSA keys. The
 change should not cause compatibility problems, since RSA#initialize uses several
 fallback scenarios that cover public keys of both formats.
 
 The fallbacks are also re-prioritized according to these changes.
 
 Regards,
 Martin
=end
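Added example, not part of the original messages or the linked gist: the two encodings named in the description (PKCS#1 RSAPublicKey and the generic SubjectPublicKeyInfo) built from the same key with OpenSSL::ASN1, the "downgrade" mentioned in the reply, and the MD5-of-DER fingerprint of each. The helper names (pkcs1_der, spki_der, spki_to_pkcs1, fingerprint) are hypothetical, and the key is generated on the spot.

```ruby
require "openssl"
require "digest"

RSA_OID = "1.2.840.113549.1.1.1" # rsaEncryption

# PKCS#1: RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
def pkcs1_der(key)
  OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Integer(key.n),
    OpenSSL::ASN1::Integer(key.e)
  ]).to_der
end

# SubjectPublicKeyInfo: AlgorithmIdentifier (rsaEncryption, NULL parameters)
# followed by a BIT STRING that carries the PKCS#1 bytes unchanged.
def spki_der(key)
  algorithm = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::ObjectId(RSA_OID),
    OpenSSL::ASN1::Null(nil)
  ])
  OpenSSL::ASN1::Sequence([
    algorithm,
    OpenSSL::ASN1::BitString(pkcs1_der(key))
  ]).to_der
end

# "Downgrade": unwrap the PKCS#1 bytes from a SubjectPublicKeyInfo,
# refusing anything that is not tagged as an RSA key.
def spki_to_pkcs1(der)
  algorithm, bit_string = OpenSSL::ASN1.decode(der).value
  oid = algorithm.value.first
  unless oid.is_a?(OpenSSL::ASN1::ObjectId) && oid.oid == RSA_OID
    raise ArgumentError, "SubjectPublicKeyInfo does not hold an RSA key"
  end
  bit_string.value
end

# Fingerprint as described in the thread: MD5 over the DER bytes.
def fingerprint(der)
  Digest::MD5.hexdigest(der).scan(/../).join(":")
end

if __FILE__ == $0
  key  = OpenSSL::PKey::RSA.new(2048) # constructed sample key
  spki = spki_der(key)
  puts "PKCS#1 fingerprint: #{fingerprint(pkcs1_der(key))}"
  puts "SPKI fingerprint:   #{fingerprint(spki)}"
  puts "downgraded matches: #{fingerprint(spki_to_pkcs1(spki)) == fingerprint(pkcs1_der(key))}"
end
```

The key material is identical in both encodings; only the wrapper differs, which is why a fingerprint taken over the DER bytes changes.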


