From 224d91e80d82c4aea9296003d7afd57849889398 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?=
Date: Thu, 2 May 2024 11:57:23 -0400
Subject: [PATCH] Add support for X509 and RSA public in encrypt
---
 lib/hiera/backend/eyaml/encryptors/pkcs7.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/hiera/backend/eyaml/encryptors/pkcs7.rb b/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
index f9a20af..b5dbf6e 100644
--- a/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
+++ b/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
@@ -31,9 +31,13 @@ def self.encrypt(plaintext)
 LoggingHelper.trace 'PKCS7 encrypt'
 public_key_pem = self.load_public_key_pem()
- public_key_rsa = OpenSSL::PKey::RSA.new(public_key_pem)
- public_key_x509 = OpenSSL::X509::Certificate.new
- public_key_x509.public_key = public_key_rsa.public_key
+ if /BEGIN CERTIFICATE/.match(public_key_pem) != nil
+ public_key_x509 = OpenSSL::X509::Certificate.new(public_key_pem)
+ elsif /BEGIN PUBLIC KEY/.match(public_key_pem) != nil
+ public_key_rsa = OpenSSL::PKey::RSA.new(public_key_pem)
+ public_key_x509 = OpenSSL::X509::Certificate.new
+ public_key_x509.public_key = public_key_rsa.public_key
+ end
 cipher = OpenSSL::Cipher.new('aes-256-cbc')
 OpenSSL::PKCS7.encrypt([public_key_x509], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
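Review bot: The new `if`/`elsif` has no `else`, so a key file that matches neither marker leaves `public_key_x509` as `nil` and the failure only surfaces inside `OpenSSL::PKCS7.encrypt([public_key_x509], ...)`, presumably as an opaque type error rather than a message about the key file. This also narrows what the removed code accepted: `OpenSSL::PKey::RSA.new(public_key_pem)` parsed any RSA encoding it understands, whereas `/BEGIN PUBLIC KEY/` does not match a PKCS#1 `BEGIN RSA PUBLIC KEY` header or DER input. I would keep the RSA path as the fallback and fail explicitly on anything unparseable, e.g. replace the `elsif` line with a plain `else` and let `OpenSSL::PKey::RSA.new` raise on bad input. As a style point, `public_key_pem.include?('BEGIN CERTIFICATE')` reads better than `.match(...) != nil`. The body of `self.encrypt` starts and ends outside this hunk, so any handling further up is not visible here.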