Changeset 1309 for trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm

Timestamp:

04/01/15 18:41:36 (9 years ago)

Author:

nanardon

Message:

Don't use SSH storage form

After several hour to try to figure out it seems Crypt::RSA::Key::Private::SSH
is unable to properly encrypt the private, making everything readable.

This patch replace the SSH form by the native one.

File:

• trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm (modified) (4 diffs)

trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm

@@ -12 +12 @@
 use Crypt::RSA::Key::Public::SSH;
 use Crypt::RSA::Key::Private::SSH;
+use Crypt::RSA::Key::Public;
+use Crypt::RSA::Key::Private;
 use MIME::Base64;
 
@@ -225 +227 @@
     my ($public, $private) = $rsa->keygen (
         Identity  => 'LATMOS-Accounts',
-        Size      => 768,
+        Size      => 2048,
         Password  => $password,
         Verbosity => 0,
-        KF=>'SSH',
     ) or die $rsa->errstr(); # TODO avoid die
     return ($public, $private);
@@ -243 +244 @@
     my $base = $self;
     my $serialize = $base->get_global_value('rsa_private_key') or return;
-    my $privkey = Crypt::RSA::Key::Private::SSH->new;
-    $privkey->deserialize(String => [ decode_base64($serialize) ],
-        Passphrase => $password);
-    $privkey
+    my $string = decode_base64($serialize);
+    my $privkey = $string =~ /^SSH PRIVATE KEY FILE/
+        ? Crypt::RSA::Key::Private::SSH->new
+        : Crypt::RSA::Key::Private->new;
+    $privkey = $privkey->deserialize(
+        String => [ $string ],
+        Password => $password
+    );
+    $privkey->reveal( Password => $password );
+    $privkey;
 }
 
@@ -280 +287 @@
     my ($self, $public, $private) = @_;
     my $base = $self;
+    $private->hide;
     $base->set_global_value('rsa_private_key',
         encode_base64($private->serialize));