1 2 3 4 5 6 7 8 9
This is fine if you want to generate a key pair once, but what if you want to do it on the fly? The Ruby OpenSSL library has support for generating key pairs:
2048 is the key size, and a good value to use for it.
What’s not obvious is how to encrypt the private key. You don’t have to encrypt it, but, if you don’t, anyone who gets a hold of the key can decrypt your data. Using an unencrypted private key gives you one layer of security (something you have – the key), encrypting it gives you an additional layer (something you know – the password).
To encrypt the private key you need a Cipher object:
Then, using the Cipher object, you convert the the key_pair to PEM format:
1 2 3
The resulting PEM strings be saved and then later fed to OpenSSL::PKey::RSA.new() or used with Strongbox.