diff --git a/lib/hiera/backend/eyaml/encryptors/pkcs7.rb b/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
index 025eccf..f17e5f9 100644
--- a/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
+++ b/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
@@ -37,7 +37,15 @@ def self.encrypt(plaintext)
 LoggingHelper.trace 'PKCS7 encrypt'
 public_key_pem = load_public_key_pem
- public_key_x509 = OpenSSL::X509::Certificate.new(public_key_pem)
+ if public_key_pem.include? 'BEGIN CERTIFICATE'
+ public_key_x509 = OpenSSL::X509::Certificate.new(public_key_pem)
+ elsif public_key_pem.include? 'BEGIN PUBLIC KEY'
+ public_key_rsa = OpenSSL::PKey::RSA.new(public_key_pem)
+ public_key_x509 = OpenSSL::X509::Certificate.new
+ public_key_x509.public_key = public_key_rsa.public_key
+ else
+ raise StandardError, "file #{public_key_pem} cannot be used to encrypt - invalid public key format"
+ end
 cipher = OpenSSL::Cipher.new('aes-256-cbc')
 OpenSSL::PKCS7.encrypt([public_key_x509], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
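Review bot: The `else` branch interpolates `public_key_pem` into the exception message, and that variable holds the loaded file contents rather than a path, so any file matching neither marker is copied in full into the error and into whatever logs capture it. If the public-key setting is pointed at the private key by mistake, a `BEGIN RSA PRIVATE KEY` or `BEGIN PRIVATE KEY` header matches neither `include?` test and the private key material would end up in that output. I would drop the interpolation, e.g. `raise StandardError, 'configured public key cannot be used to encrypt - expected a PEM certificate or public key'`, and name the file path only if the caller has it; the path is not visible in this hunk. Separately, the certificate built in the `elsif` branch carries only a public key and no issuer or serial, so it is worth confirming that the decrypt path (outside this hunk) still matches the recipient. The body of `self.encrypt` starts and ends outside the hunk.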