Question
When building a public key using the OpenSSL::PKey::RSA module by passing it a .pem file, what is the cause for a response:
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:: nested asn1 error
from /Users/Matt/projects/placepop/lib/apn.rb:48:in `initialize'
from /Users/Matt/projects/placepop/lib/apn.rb:48:in `new'
from /Users/Matt/projects/placepop/lib/apn.rb:48:in `open'
from (irb):1
Here is the source:
cert = File.join(rails_root, 'config', 'apns', 'sandbox-cert.pem')
APN_CONFIG = {
  :delivery => {
    :host => 'gateway.sandbox.push.apple.com',
    :cert => cert,
    :passphrase => "",
    :port => 2195 },
  :feedback => {
    :host => 'feedback.sandbox.push.apple.com',
    :port => 2196,
    :passphrase => "",
    :cert => cert } }
options = APN_CONFIG[:delivery].merge(options)
cert = File.read(options[:cert])
ctx = OpenSSL::SSL::SSLContext.new
ctx.key = OpenSSL::PKey::RSA.new(cert, options[:passphrase])
ctx.cert = OpenSSL::X509::Certificate.new(cert)
sock = TCPSocket.new(options[:host], options[:port])
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync = true
ssl.connect
Answer 1:
A pem file is not a public key, it is a base64-encoded X509 certificate that contains, among its many fields, a public key. I don't know Ruby, or the OpenSSL ruby module, but I would look for some function that reads in PEM files and outputs an X509 certificate, then another function to extract the public key from the certificate.
Answer 2:
I've got the same problem and it had a different cause. Now guess what :)
...
The damn password was wrong :( Searched 3 days for that "solution". Could have been a "Sorry dude, that's the wrong password!" instead of "nested asn1 error" imho but anyways, maybe this will help somebody.
Answer 3:
If you are using dotenv for instance, you have to surround the value with " and have \n for newlines.
PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIICW ... UcuUtU0eIl\n-----END RSA PRIVATE KEY-----"
Answer 4:
I had a similar problem too, but for me I wasn't creating a pem file for my id_rsa.pub file in the first place. For me I needed to create a pem file out of my existing public key:
ssh-keygen -f testing_rsa.pub -e -m pem > pem
Then I copied that OpenSSL string into my test file where it was being used. It looked like this in the end for me.
@pub_key = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAoxi2V0bSKqAqUtoQHxWkOPnErCS541r6/MOSHmKOd6VSNHoBbnas\nZRQSDUTbffB6C++DbmBCOHmvzYORD0ZWYgyMcgbYJD48Z2fe0nm+WMYN5u8DPnTP\nvf8b/rJBxGF0dsaoFAWlB81tTnKFCxAbCSgfmQt+Vd4qupGZ5gGu9uoKlaPjmYuA\nIxIjUMcu3dov7PQ+PZIvdkM0fiz8YIl8zo+iWWyI2s6/XLoZJ4bYs2YJHZDf6biU\nsZhs8xqh/F6qlcRt3Ta25KMa0TB9zE3HHmqA/EJHFubWFRCrQqpboB0+nwCbmZUl\nhaxA79FRvYtORvFAoncoFD4tq3rGXcUQQwIDAQAB\n-----END RSA PUBLIC KEY-----\n"
.
.
.
OpenSSL::PKey::RSA.new(@pub_key)
After that the method stopped throwing that error.
Answer 5:
My problem was that OpenSSL::PKey::RSA.new() wants the file contents and not the file path. Thus, using something like this worked:
OpenSSL::PKey::RSA.new(File.read "./spec/support/keys/server.key")
The OP was already doing this, but hopefully this will help someone. Because it assumes it's file contents and not a file path, even if you supply an invalid path you won't be warned.
Answer 6:
Make sure your .pem files are in this format.
public_key_file.pem:
-----BEGIN PUBLIC KEY-----
// Your public key goes here
-----END PUBLIC KEY-----
private_key_file.pem:
-----BEGIN RSA PRIVATE KEY-----
// Your private key goes here
-----END RSA PRIVATE KEY-----
Answer 7:
In my case the function expected a private key while there was a certificate stored in some variable. Exchanging the input with a private key fixed the error.
Answer 8:
I am using Webrick in my tests and trying to instantiate my private key with the wrong class led me to that error message:
SSLCertificate: OpenSSL::PKey::RSA.new(File.open(MOCK_CERT).read),
But this worked:
SSLCertificate: OpenSSL::X509::Certificate.new(File.open(MOCK_CERT).read),
Facepalm
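Added example, not part of any answer above and not code from the original question: a pre-check that tells apart the causes the answers describe (file path instead of contents, escaped newlines, a certificate where a key is expected, a wrong passphrase), since OpenSSL::PKey::RSA.new reports them all with the same "nested asn1 error". The names diagnose_pem and sample_pems are hypothetical, and the sample key and certificate are constructed on the spot.

```ruby
require 'openssl'

PRIVATE_LABELS = ['RSA PRIVATE KEY', 'PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'].freeze
PUBLIC_LABELS  = ['PUBLIC KEY', 'RSA PUBLIC KEY'].freeze

# Hypothetical helper (not from the page): say what a PEM input holds before
# it reaches OpenSSL::PKey::RSA.new, which reports every failure the same way.
def diagnose_pem(input, passphrase = nil)
  text = input.to_s
  # A file path was passed instead of the file contents.
  return :not_pem_maybe_a_path unless text.include?('-----BEGIN ')
  # Newlines arrived as a literal backslash + n (e.g. an unquoted env value).
  return :escaped_newlines if text.include?('\n') && !text.include?("\n")

  labels = text.scan(/-----BEGIN ([A-Z0-9 ]+)-----/).flatten
  if (labels & PRIVATE_LABELS).any?
    encrypted = labels.include?('ENCRYPTED PRIVATE KEY') ||
                text.include?('Proc-Type: 4,ENCRYPTED')
    # Never call RSA.new on an encrypted key without a passphrase: it prompts.
    return :passphrase_required if encrypted && passphrase.nil?
    encrypted ? OpenSSL::PKey::RSA.new(text, passphrase) : OpenSSL::PKey::RSA.new(text)
    :private_key
  elsif (labels & PUBLIC_LABELS).any?
    OpenSSL::PKey::RSA.new(text)
    :public_key
  elsif labels.include?('CERTIFICATE')
    # A certificate goes to X509::Certificate, not PKey::RSA.
    OpenSSL::X509::Certificate.new(text)
    :certificate_only
  else
    :unknown_label
  end
rescue OpenSSL::OpenSSLError
  # A wrong passphrase and corrupt data raise the same error.
  encrypted ? :wrong_passphrase_or_corrupt : :corrupt
end

# Constructed sample inputs: a throwaway key pair and self-signed certificate.
def sample_pems
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { key: key.to_pem, pub: key.public_key.to_pem, cert: cert.to_pem,
    enc: key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), 'correct-pass') }
end
```

The result symbol names which input problem to fix; only :private_key and :public_key inputs are safe to pass to OpenSSL::PKey::RSA.new.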
Source: https://stackoverflow.com/questions/2293608/what-causes-neither-pub-key-nor-priv-key-nested-asn1-error-when-building-a-p