diff --git a/Rakefile b/Rakefile index dfebe57a8..b88b5df8e 100644 --- a/Rakefile +++ b/Rakefile @@ -32,6 +32,7 @@ Rake::TestTask.new(:test_fips_internal) do |t| 'test/openssl/test_pkey_dh.rb', 'test/openssl/test_pkey_dsa.rb', 'test/openssl/test_pkey_ec.rb', + 'test/openssl/test_pkey_rsa.rb', ] t.warning = true end diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 61c55c60b..02693c277 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -14,9 +14,7 @@ def test_no_private_exp end if !openssl?(3, 0, 0) # Impossible state in OpenSSL 3.0 def test_private - # Generated by key size and public exponent - key = OpenSSL::PKey::RSA.new(512, 3) - assert(key.private?) + key = Fixtures.pkey("rsa2048") # Generated by DER key2 = OpenSSL::PKey::RSA.new(key.to_der) @@ -46,55 +44,66 @@ def test_private end def test_new - key = OpenSSL::PKey::RSA.new(512) - assert_equal 512, key.n.num_bits + key = OpenSSL::PKey::RSA.new(2048) + assert_equal 2048, key.n.num_bits assert_equal 65537, key.e assert_not_nil key.d + assert(key.private?) + end + + def test_new_public_exponent + # At least 2024-bits RSA key are required in FIPS. + omit_on_fips # Specify public exponent - key2 = OpenSSL::PKey::RSA.new(512, 3) - assert_equal 512, key2.n.num_bits - assert_equal 3, key2.e - assert_not_nil key2.d + key = OpenSSL::PKey::RSA.new(512, 3) + assert_equal 512, key.n.num_bits + assert_equal 3, key.e end def test_s_generate - key1 = OpenSSL::PKey::RSA.generate(512) - assert_equal 512, key1.n.num_bits + key1 = OpenSSL::PKey::RSA.generate(2048) + assert_equal 2048, key1.n.num_bits assert_equal 65537, key1.e + end + + def test_s_generate_public_exponent + # At least 2024-bits RSA key are required in FIPS. + omit_on_fips # Specify public exponent - key2 = OpenSSL::PKey::RSA.generate(512, 3) - assert_equal 512, key2.n.num_bits - assert_equal 3, key2.e - assert_not_nil key2.d + key = OpenSSL::PKey::RSA.generate(512, 3) + assert_equal 512, key.n.num_bits + assert_equal 3, key.e end def test_new_break - assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) + assert_nil(OpenSSL::PKey::RSA.new(2048) { break }) assert_raise(RuntimeError) do - OpenSSL::PKey::RSA.new(1024) { raise } + OpenSSL::PKey::RSA.new(2048) { raise } end end def test_sign_verify - rsa1024 = Fixtures.pkey("rsa1024") + rsa = Fixtures.pkey("rsa2048") data = "Sign me!" - signature = rsa1024.sign("SHA256", data) - assert_equal true, rsa1024.verify("SHA256", signature, data) + signature = rsa.sign("SHA256", data) + assert_equal true, rsa.verify("SHA256", signature, data) signature0 = (<<~'end;').unpack1("m") - oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+ - WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS - zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ= + ooy49i8aeFtkDYUU0RPDsEugGiNw4lZxpbQPnIwtdftEkka945IqKZ/MY3YSw7wKsvBZeaTy8GqL + lSWLThsRFDV+UUS9zUBbQ9ygNIT8OjdV+tNL63ZpKGprczSnw4F05MQIpajNRud/8jiI9rf+Wysi + WwXecjMl2FlXlLJHY4PFQZU5TiametB4VCQRMcjLo1uf26u/yRpiGaYyqn5vxs0SqNtUDM1UL6x4 + NHCAdqLjuFRQPjYp1vGLD3eSl4061pS8x1NVap3YGbYfGUyzZO4VfwFwf1jPdhp/OX/uZw4dGB2H + gSK+q1JiDFwEE6yym5tdKovL1g1NhFYHF6gkZg== end; - assert_equal true, rsa1024.verify("SHA256", signature0, data) + assert_equal true, rsa.verify("SHA256", signature0, data) signature1 = signature0.succ - assert_equal false, rsa1024.verify("SHA256", signature1, data) + assert_equal false, rsa.verify("SHA256", signature1, data) end def test_sign_verify_options - key = Fixtures.pkey("rsa1024") + key = Fixtures.pkey("rsa2048") data = "Sign me!" pssopts = { "rsa_padding_mode" => "pss", @@ -102,7 +111,7 @@ def test_sign_verify_options "rsa_mgf1_md" => "SHA1" } sig_pss = key.sign("SHA256", data, pssopts) - assert_equal 128, sig_pss.bytesize + assert_equal 256, sig_pss.bytesize assert_equal true, key.verify("SHA256", sig_pss, data, pssopts) assert_equal true, key.verify_pss("SHA256", sig_pss, data, salt_length: 20, mgf1_hash: "SHA1") @@ -175,12 +184,12 @@ def test_verify_empty_rsa end def test_sign_verify_pss - key = Fixtures.pkey("rsa1024") + key = Fixtures.pkey("rsa2048") data = "Sign me!" invalid_data = "Sign me?" signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1") - assert_equal 128, signature.bytesize + assert_equal 256, signature.bytesize assert_equal true, key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1") assert_equal true, @@ -196,14 +205,26 @@ def test_sign_verify_pss assert_equal false, key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1") - signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1") - assert_equal true, - key.verify_pss("SHA256", signature, data, salt_length: 94, mgf1_hash: "SHA1") - assert_equal true, - key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1") + # The sign_pss with `salt_length: :max` raises the "invalid salt length" + # error in FIPS. We need to skip the tests in FIPS. + # According to FIPS 186-5 section 5.4, the salt length shall be between zero + # and the output block length of the digest function (inclusive). + # + # FIPS 186-5 section 5.4 PKCS #1 + # https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf + unless OpenSSL.fips_mode + signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1") + # Should verify on the following salt_length (sLen). + # sLen <= emLen (octat) - 2 - hLen (octet) = 2048 / 8 - 2 - 256 / 8 = 222 + # https://datatracker.ietf.org/doc/html/rfc8017#section-9.1.1 + assert_equal true, + key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA1") + assert_equal true, + key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1") + end assert_raise(OpenSSL::PKey::RSAError) { - key.sign_pss("SHA256", data, salt_length: 95, mgf1_hash: "SHA1") + key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1") } end @@ -213,8 +234,13 @@ def test_encrypt_decrypt # Defaults to PKCS #1 v1.5 raw = "data" - enc = rsapub.encrypt(raw) - assert_equal raw, rsapriv.decrypt(enc) + # According to the NIST SP 800-131A Rev. 2 section 6, PKCS#1 v1.5 padding is + # not permitted for key agreement and key transport using RSA in FIPS. + # https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf + unless OpenSSL.fips_mode + enc = rsapub.encrypt(raw) + assert_equal raw, rsapriv.decrypt(enc) + end # Invalid options assert_raise(OpenSSL::PKey::PKeyError) { @@ -227,11 +253,13 @@ def test_encrypt_decrypt_legacy rsapub = OpenSSL::PKey.read(rsapriv.public_to_der) # Defaults to PKCS #1 v1.5 - raw = "data" - enc_legacy = rsapub.public_encrypt(raw) - assert_equal raw, rsapriv.decrypt(enc_legacy) - enc_new = rsapub.encrypt(raw) - assert_equal raw, rsapriv.private_decrypt(enc_new) + unless OpenSSL.fips_mode + raw = "data" + enc_legacy = rsapub.public_encrypt(raw) + assert_equal raw, rsapriv.decrypt(enc_legacy) + enc_new = rsapub.encrypt(raw) + assert_equal raw, rsapriv.private_decrypt(enc_new) + end # OAEP with default parameters raw = "data" @@ -292,53 +320,67 @@ def test_to_der end def test_RSAPrivateKey - rsa1024 = Fixtures.pkey("rsa1024") + rsa = Fixtures.pkey("rsa2048") asn1 = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Integer(0), - OpenSSL::ASN1::Integer(rsa1024.n), - OpenSSL::ASN1::Integer(rsa1024.e), - OpenSSL::ASN1::Integer(rsa1024.d), - OpenSSL::ASN1::Integer(rsa1024.p), - OpenSSL::ASN1::Integer(rsa1024.q), - OpenSSL::ASN1::Integer(rsa1024.dmp1), - OpenSSL::ASN1::Integer(rsa1024.dmq1), - OpenSSL::ASN1::Integer(rsa1024.iqmp) + OpenSSL::ASN1::Integer(rsa.n), + OpenSSL::ASN1::Integer(rsa.e), + OpenSSL::ASN1::Integer(rsa.d), + OpenSSL::ASN1::Integer(rsa.p), + OpenSSL::ASN1::Integer(rsa.q), + OpenSSL::ASN1::Integer(rsa.dmp1), + OpenSSL::ASN1::Integer(rsa.dmq1), + OpenSSL::ASN1::Integer(rsa.iqmp) ]) key = OpenSSL::PKey::RSA.new(asn1.to_der) assert_predicate key, :private? - assert_same_rsa rsa1024, key + assert_same_rsa rsa, key pem = <<~EOF -----BEGIN RSA PRIVATE KEY----- - MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx - aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/ - Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB - AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0 - maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T - gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572 - 74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE - JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX - sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII - 8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA - wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi - qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD - dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA== + MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN + s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign + 4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D + kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl + NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J + DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb + I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq + PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V + seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0 + Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc + VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW + wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G + 0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj + XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb + aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n + h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw + Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k + IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb + v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId + U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr + vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS + Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC + 9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41 + gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG + 4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw== -----END RSA PRIVATE KEY----- EOF key = OpenSSL::PKey::RSA.new(pem) - assert_same_rsa rsa1024, key + assert_same_rsa rsa, key - assert_equal asn1.to_der, rsa1024.to_der - assert_equal pem, rsa1024.export + assert_equal asn1.to_der, rsa.to_der + assert_equal pem, rsa.export # Unknown PEM prepended - cert = issue_cert(OpenSSL::X509::Name.new([["CN", "nobody"]]), rsa1024, 1, [], nil, nil) - str = cert.to_text + cert.to_pem + rsa1024.to_pem + cert = issue_cert(OpenSSL::X509::Name.new([["CN", "nobody"]]), rsa, 1, [], nil, nil) + str = cert.to_text + cert.to_pem + rsa.to_pem key = OpenSSL::PKey::RSA.new(str) - assert_same_rsa rsa1024, key + assert_same_rsa rsa, key end def test_RSAPrivateKey_encrypted + omit_on_fips + rsa1024 = Fixtures.pkey("rsa1024") # key = abcdef pem = <<~EOF @@ -438,6 +480,8 @@ def test_PUBKEY end def test_pem_passwd + omit_on_fips + key = Fixtures.pkey("rsa1024") pem3c = key.to_pem("aes-128-cbc", "key") assert_match (/ENCRYPTED/), pem3c @@ -484,41 +528,54 @@ def test_private_encoding end def test_private_encoding_encrypted - rsa1024 = Fixtures.pkey("rsa1024") - encoded = rsa1024.private_to_der("aes-128-cbc", "abcdef") + rsa = Fixtures.pkey("rsa2048") + encoded = rsa.private_to_der("aes-128-cbc", "abcdef") asn1 = OpenSSL::ASN1.decode(encoded) # PKCS #8 EncryptedPrivateKeyInfo assert_kind_of OpenSSL::ASN1::Sequence, asn1 assert_equal 2, asn1.value.size - assert_not_equal rsa1024.private_to_der, encoded - assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded, "abcdef") - assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded) { "abcdef" } + assert_not_equal rsa.private_to_der, encoded + assert_same_rsa rsa, OpenSSL::PKey.read(encoded, "abcdef") + assert_same_rsa rsa, OpenSSL::PKey.read(encoded) { "abcdef" } assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.read(encoded, "abcxyz") } - encoded = rsa1024.private_to_pem("aes-128-cbc", "abcdef") + encoded = rsa.private_to_pem("aes-128-cbc", "abcdef") assert_match (/BEGIN ENCRYPTED PRIVATE KEY/), encoded.lines[0] - assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded, "abcdef") + assert_same_rsa rsa, OpenSSL::PKey.read(encoded, "abcdef") - # certtool --load-privkey=test/fixtures/pkey/rsa1024.pem --to-p8 --password=abcdef + # certtool --load-privkey=test/openssl/fixtures/pkey/rsa2048.pem --to-p8 --password=abcdef pem = <<~EOF -----BEGIN ENCRYPTED PRIVATE KEY----- - MIICojAcBgoqhkiG9w0BDAEDMA4ECLqajUdSNfzwAgIEkQSCAoCDWhxr1HUrKLXA - FsFGGQfPT0aKH4gZipaSXXQRl0KwifHwHoDtfo/mAkJVZMnUVOm1AQ4LTFS3EdTy - JUwICGEQHb7QAiokIRoi0K2yHhOxVO8qgbnWuisWpiT6Ru1jCqTs/wcqlqF7z2jM - oXDk/vuekKst1DDXDcHrzhDkwhCQWj6jt1r2Vwaryy0FyeqsWAgBDiK2LsnCgkGD - 21uhNZ/iWMG6tvY9hB8MDdiBJ41YdSG/AKLulAxQ1ibJz0Tasu66TmwFvWhBlME+ - QbqfgmkgWg5buu53SvDfCA47zXihclbtdfW+U3CJ9OJkx0535TVdZbuC1QgKXvG7 - 4iKGFRMWYJqZvZM3GL4xbC75AxjXZsdCfV81VjZxjeU6ung/NRzCuCUcmBOQzo1D - Vv6COwAa6ttQWM0Ti8oIQHdu5Qi+nuOEHDLxCxD962M37H99sEO5cESjmrGVxhEo - 373L4+11geGSCajdp0yiAGnXQfwaKta8cL693bRObN+b1Y+vqtDKH26N9a4R3qgg - 2XwgQ5GH5CODoXZpi0wxncXO+3YuuhGeArtzKSXLNxHzIMlY7wZX+0e9UU03zfV/ - aOe4/q5DpkNxgHePt0oEpamSKY5W3jzVi1dlFWsRjud1p/Grt2zjSWTYClBlJqG1 - A/3IeDZCu+acaePJjFyv5dFffIj2l4bAYB+LFrZlSu3F/EimO/dCDWJ9JGlMK0aF - l9brh7786Mo+YfyklaqMMEHBbbR2Es7PR6Gt7lrcIXmzy9XSsxT6IiD1rG9KKR3i - CQxTup6JAx9w1q+adL+Ypikoy3gGD/ccUY6TtPoCmkQwSCS+JqQnFlCiThDJbu+V - eqqUNkZq + MIIFOTBjBgkqhkiG9w0BBQ0wVjA1BgkqhkiG9w0BBQwwKAQSsTIsinrhNMr4owUz + cwYGgB0lAgMJJ8ACARAwCgYIKoZIhvcNAgkwHQYJYIZIAWUDBAECBBDtDYqmQOLV + Nh0T0DslWgovBIIE0ESbJey2Pjf9brTp9/41CPnI9Ev78CGSv8Ihyuynu6G7oj7N + G7jUB1pVMQ7ivebF5DmM0qHAix6fDqJetB3WCnRQpMLyIdq5VrnKwFNhwGYduWA5 + IyaAc4DHj02e6YLyBTIKpu79OSFxLrnLCRaTbvZIUQaGhyd6pB7iAhqz5YBC0rpa + iMK5TRlNGPYG9n2eGFOhvUsbJ4T8VDzjpVWw0VNRaukXtg4xiR6o1f0qSXqAb5d9 + REq5DfaQfoOKTV9j7KJHDRrBQG81vkU4K+xILrCBfbcYb82aCoinwSep9LC30HaH + LZ0hYQOuD/k/UbgjToS2wyMnkz75MN5ZNhDMZl/mACQdsMMtIxG37Mpo1Ca33uZi + 71TCOEKIblZS11L1YhIni9Af8pOuHJBWwezP2zN2nPwV6OhgL7Jlax7ICQOPC6L/ + yRGgC5eT4lDDAuTy0IdUhr0r5XrFzZR0/5Vgsq9cGfk9QkXOoETRhQVkEfUDdCs6 + 6CK+SwUR9qh5824ShODFG0SQpsqBPIVtkGrypBSUJtICmGMOAsclB7RDN7/opJwp + qv/iRJ5dhWrhRgQ/DfYifvO5On7RgC2hm48gF3Pt6XCA857ryyYxLYeMY42tAUqp + Hmc9HL7bMYF/jl3cJ32+gLvI3PBVvrvyeAhRo6z7MFVe9I04OywV6BHUx1Us6ybF + qkYnSpcJZdu7HyvzXm7XWLFmt7K5BlAgnFsa/8+cI1BGPgQRc1j0SWepXsSwFZX6 + JkNQ0dewq4uRJXbGyQgfh5I5ETpqDhSt2JfBwAoze6cx3DPC711PUamxyWMiejs+ + mYdia4p62NxaUvyXWmCGIEOzajRwywEhf9OLAmfqTN41TIrEL4BUxqtzDyw8Nl8T + KB7nJEC366jFASfumNQkXXyH5yBIF+XwwSKUOObRZVn2rUzFToo51hHu9efxHoXa + jZlpfglWijkmOuwoIGlGHOq8gUn76oq9WbV+YO+fWm/mf4S3ECzmYzxb6a1uCTy/ + Itkm2qOe3yTM1t+oCqZ0/MeTZ84ALQaWv5reQfjronPZ1jeNtxrYz28tJ4KwBn0U + bJReXbOLsHAymipncxlmaevbx4GPTduu/lbpxefoN95w+SpEdyTmVWrfaCTgAbad + EzcRl60my3xOMQ7CaUbRgGiwohqHDvuXzeqoZ96u6CwfAoEfy4jETmKLRH6uTtj7 + 4jdTyoqyizjpvaM8LPspBS+oqFwLxBjpseQuScrZO1BjPxrImLy2/VRqwJ+CF4FB + iijEgDgDc1EMIGe5YmOAV+i22n9RqX+2IvkYp7CWXrB9/lmirLFukd7hT8DLPUGq + AvSZwTPbDPoZKG3DAebC3DbiC7A3x0KZp24doNRLamZ/MyKHo2Rzl0UhkzDU0ly2 + eAnyNYsOAQck+C6L+ieD95Gksm9YJWurwttm5JragbIJwMCrsBQd4bXDkKdRhxS2 + JpS0dT/aoDmgTzoG07x4cZk0rjBkfX1ta0j0b1lz7/PZXl9AbRvFdq5sJpmv4Ryz + S+OERqo4IEfJJq2WJ92WR+HLGV3Gvsdb7znZTEF1tp4pWOLAt83Pry282UJxO7Pe + ySf/868TEmXams06GYvH+7cMiIT2m9Dc+EFgNaPmm0uMmJ+ZjqHKSOLzrL7C -----END ENCRYPTED PRIVATE KEY----- EOF - assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef") + assert_same_rsa rsa, OpenSSL::PKey.read(pem, "abcdef") end def test_dup