cchandler
commented
13 years ago I had a longer-term plan in place to increase the size of the modulus to 2048, but first I need to revisit the test suite and specifically pass 1024 in any case I need to generate a key, otherwise it makes autotesting a pain.
I want to take a filtered approach to handling key management. I could see doing something like a FileFilter class/module that you can include if you want that kind of functionality. The problem with adding it to the class like that is it leads to inconsistent structure between wrapped keys, unwrapped keys, and hardware keys. Right now, if in doubt, I use the hardware keys as the standard behavior.
It also leads to problems in maintaining the passwords in memory and whether or not once the key is unwrapped, does it remain unwrapped.
This is not an issue, but I propose to change the following on key_material:
def save_keys(file,password) File.open(file, 'w') {|f| f.write(self.keypair.to_pem(OpenSSL::Cipher.new("AES-256-CBC"),password)) } end
def load_keys(file,password) self.keypair = OpenSSL::PKey::RSA.new(File.read(file), password) self.private_key = keypair self.public_key = keypair.public_key self.keypair end