This gem provides ruby implementations of different key stores. This was primarily created to provide the ability
to use many of the good Java key stores from ruby. This gem adds the key stores to the OpenSSL module structure,
since that is where the OpenSSL::PKCS12
keystore lives.
Add this line to your application's Gemfile:
gem 'keystores'
And then execute:
$ bundle
Or install it yourself as:
$ gem install keystores
The API for this gem is modeled after the Java KeyStore
class. All of the KeyStore
implementations provided by this
gem conform to the Keystores::Keystore
interface.
The certificate and key objects that these keystores return and expect are OpenSSL::X509::Certificate
and
OpenSSL::PKey
objects, respectively.
This gem supports reading trusted certificate entries and private key entries. It can read and decrypt RSA, DSA, and EC keys.
Example usage:
require 'keystores'
keystore = OpenSSL::JKS.new
# Load can take any IO object, or a path to a file
key_store_password = 'keystores'
keystore.load('/tmp/keystore.jks', key_store_password)
certificate = keystore.get_certificate('my_certificate')
key = keystore.get_key('my_key', key_store_password)
certificate.check_private_key(key)
certificate_chain = keystore.get_certificate_chain('my_key')
This gem supports writing trusted certificate entries and private key entries. It currently supports writing DSA, RSA, and EC private key entries.
Example usage:
require 'keystores'
keystore = OpenSSL::JKS.new
key = OpenSSL::PKey::RSA.new(File.read('my_key.pem'))
cert_chain = OpenSSL::X509::Certificate.new(File.read('my_cert.pem'))
private_key_password = 'key_password'
keystore.set_key_entry('my-key', key, cert_chain, private_key_password)
key_store_password = 'keystores'
keystore.store('my_keystore.jks', key_store_password)
Bug reports and pull requests are welcome on GitHub at https://github.com/rylarson/keystores.
The gem is available as open source under the terms of the MIT License.