OpenSSL - Neither PUB key nor PRIV key:: nested asn1 error

问题

I am trying to initialize OpenSSL::PKey::RSA using a public key, and it is not working.

Following is the key pair:

-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBALbkpbDFbZ54bM5ybwwdCqsUHjxWQF4B0Q1sAOBFEYdpxZJZ8dAz
ycPzIgSlPc8yqjeqwJQtvCpktrntALpX1ksCAwEAAQJAYT0XyvBs48BrOSgmWm5m
aab8nF/PQSv+FgDCRnryYue3WZOpUqITB0w6ivC68G/+Mf6IXyE4ljqw2iIAdjyv
YQIhAOE20o2bLPMtziEOdH0KGpN0gNYpe38jGyvGw7k5gZd9AiEAz+TWZRJpc9yX
5dew3xcBtIhaTPFmVLgmfU7FwIWW32cCIQCvKK9LmUO1gouN5CsvUNtokbTeW/cD
467vNjDlb1deFQIhAK55pZ1p2GrOpgTWArEYg+vZy79rkbBkZJkh9UFgXIDdAiBm
Rglcmt9cD2Vqg7xMr7cP3FJbSmJffSwYve1fazuZOw==
-----END RSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MEoCAQACQLbkpbDFbZ54bM5ybwwdCqsUHjxWQF4B0Q1sAOBFEYdpxZJZ8dAzycPz
IgSlPc8yqjeqwJQtvCpktrntALpX1ksCAwEAAQ==
-----END PUBLIC KEY-----

OpenSSL::PKey::RSA.new(private_key) # WORKS!
OpenSSL::PKey::RSA.new(public_key) # FAILS!
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:: nested asn1 error
    from (irb):16:in `initialize'
    from (irb):16:in `new'
    from (irb):16
    from /Users/dhracker/.rvm/gems/ruby-1.9.3-p194/gems/railties-3.2.8/lib/rails/commands/console.rb:47:in `start'
    from /Users/dhracker/.rvm/gems/ruby-1.9.3-p194/gems/railties-3.2.8/lib/rails/commands/console.rb:8:in `start'
    from /Users/dhracker/.rvm/gems/ruby-1.9.3-p194/gems/railties-3.2.8/lib/rails/commands.rb:41:in `<top (required)>'
    from script/rails:6:in `require'
    from script/rails:6:in `<main>'

another_public_key = OpenSSL::PKey::RSA.new(512).public_key
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMS6XZD2NHTCwdgT+A2/PkStyJwYX/Qu
mfCyZc5TE5IZYaKsBg4uGcI97r8lxEv6rx5b0b6cIwQ7A7e6CUVph5MCAwEAAQ==
-----END PUBLIC KEY-----
OpenSSL::PKey::RSA.new(another_public_key) # WORKS!

What is wrong with public_key that causes things to fail?

回答1:

Following this link http://skim.la/2012/01/16/rsa-public-key-interoperability-between-ruby-and-android/ I had more success this way.

require 'openssl'
require 'base64'

public_key = "MIIBCgKCAQEA20O377QEiZvPsj14LKl2xO23iirJB5WDTVjeab1cIOJu1vbV+Pdwl1Bov8m896ZG4K0S/qvfJcdHLovr2WJ+o2maK1XZCNy8lA" +
  "zIPzZrj/yDZAB2GSjR3in1lQRQPtWjIOdB8Cy2FGybEstIkpf8MD3XMWp5g8BtdOv43ekjBuTiGGLlPRG0+IiazjHlWjyl6DU9x9m2Jxks0H6YZud6zf4s9Q6" +
  "9vPUYgOZXWs7IghxqrVGE5mWxoRudsDFhLYP706+IrSxGOf5fE0/8fjtzj/eJayCLmkUWq/xsts5tBAbwsX5xKdk8iD0OU2qOEbVuiYmehEiJnvO2vyd+t76C" +
  "xwIDAQAB"

rsa_public_key = OpenSSL::PKey::RSA.new(Base64.decode64(public_key))

回答2:

It looks like what you've got there should work only the public key itself isn't valid. Maybe you mangled them at some point by adding or removing an extra character by accident. You can test this key out and should see it work out

public_key = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAoxi2V0bSKqAqUtoQHxWkOPnErCS541r6/MOSHmKOd6VSNHoBbnas\nZRQSDUTbffB6C++DbmBCOHmvzYORD0ZWYgyMcgbYJD48Z2fe0nm+WMYN5u8DPnTP\nvf8b/rJBxGF0dsaoFAWlB81tTnKFCxAbCSgfmQt+Vd4qupGZ5gGu9uoKlaPjmYuA\nIxIjUMcu3dov7PQ+PZIvdkM0fiz8YIl8zo+iWWyI2s6/XLoZJ4bYs2YJHZDf6biU\nsZhs8xqh/F6qlcRt3Ta25KMa0TB9zE3HHmqA/EJHFubWFRCrQqpboB0+nwCbmZUl\nhaxA79FRvYtORvFAoncoFD4tq3rGXcUQQwIDAQAB\n-----END RSA PUBLIC KEY-----\n"

OpenSSL::PKey::RSA.new(public_key)

I generated my key by first running the linux command for generating an openSSH key pair

$  ssh-keygen -t rsa -b 1024

Then I converted OpenSSH style public key to an OpenSSL style key (PEM format), storing it in a file called 'pem'.

$  ssh-keygen -f testing_rsa.pub  -e -m pem > pem

回答3:

I was facing the same issue and I tried lot of different solutions given across internet. But the actual problem was with the key that I was providing. The formatting of the key should be proper. There should not be any extra character or \n , \t.

I hope this might help you. So, please check your key once again.

回答4:

Same day I was stuck with the same issue, changing passphrase might help you. So verify your passphrase and change it in notification class.I hope this might help you.

I have changed in file app/jobs/notification_job.rb

certificate: Rails.root.join('Your Pem File Name Goes Here'),# required
                passphrase:  "PASSPHRASE GOES HERE",              # optional
                gateway:     "gateway.push.apple.com", # optional; See note below.
                # gateway:     "gateway.sandbox.push.apple.com", # optional; See note below.

来源：https://stackoverflow.com/questions/14391312/openssl-neither-pub-key-nor-priv-key-nested-asn1-error