openssl-ssh 0.1.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 201e86275b09b7955f5e65c8e20b77d3b824be8e
-  data.tar.gz: 4d04006494ec4c1f37f32647d0b19adb7a0484c8
+SHA256:
+  metadata.gz: 37a68dc478799667fdf5e6197816d68270485d49cdb3b5a55d4eafd5a6f26fe2
+  data.tar.gz: a735beabe82287963121cfd4e8aae2791072c7e49eb4ee5729746888d3d4900c
 SHA512:
-  metadata.gz: f6a38328c4d02ce9bc2a9345c8b7526a49ca142acd28fe44dceb3ee957f5424607253917a0f61133cd328ace34b611e280f3b5603a5edc255d42dee276a85edc
-  data.tar.gz: 2f835b87e85e520d6c9456f5c1e8e439e48c9e0e6f2788aef58fad9ec539e674058c11521c113891c9713ca00fbc27f5cadbd560d7b3f5950e7d46b0f146da72
+  metadata.gz: 7bea96bc4ed7eb74f70f4954ce92f56e7fae212a0b5a1a1eb0cad360a01df9102699335e461c2159699f414949f8680a458b5883335ab8833e38a77e88f2279f
+  data.tar.gz: 0fd6c0455b634116d8d82bf1f1af28db706c4325c24cf43d8a5b0482c567526bd941292f4693852a8f175b70514415ae9866aef94acfc0b5215db9b3dd36f877

data/.github/workflows/ci.yml

@@ -0,0 +1,44 @@
+name: CI
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ['3.0', '3.1', '3.2', '3.3']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rspec
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+
+      - name: Run Standard RB
+        run: bundle exec standardrb --no-fix
+
+      - name: Check gem builds
+        run: gem build openssl-ssh.gemspec

data/.github/workflows/publish.yml

@@ -0,0 +1,52 @@
+name: Publish Gem
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          TAG=${GITHUB_REF#refs/tags/v}
+          echo "version=$TAG" >> $GITHUB_OUTPUT
+          if [[ "$TAG" =~ -pre[0-9]*$ ]] || [[ "$TAG" =~ -alpha[0-9]*$ ]] || [[ "$TAG" =~ -beta[0-9]*$ ]] || [[ "$TAG" =~ -rc[0-9]*$ ]] || [[ "$TAG" =~ -a[0-9]*$ ]]; then
+            echo "prerelease=true" >> $GITHUB_OUTPUT
+          else
+            echo "prerelease=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build gem
+        id: build
+        run: |
+          gem build *.gemspec
+          echo "gem_file=$(ls *.gem)" >> $GITHUB_OUTPUT
+
+      - name: Configure RubyGems credentials
+        uses: rubygems/configure-rubygems-credentials@v1.0.0
+
+      - name: Publish to RubyGems
+        run: gem push ${{ steps.build.outputs.gem_file }}
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ${{ steps.build.outputs.gem_file }}
+          prerelease: ${{ steps.version.outputs.prerelease }}
+          generate_release_notes: true

data/.gitignore

@@ -2,7 +2,6 @@
 /.yardoc
 /_yardoc/
 /coverage/
-/doc/
 /pkg/
 /spec/reports/
 /tmp/

data/.standard.yml

@@ -0,0 +1,8 @@
+# Standard RB configuration
+# https://github.com/standardrb/standard
+
+ruby_version: 3.0
+
+ignore:
+  - "vendor/**/*"
+  - "coverage/**/*"

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.3.8

data/Gemfile

@@ -1,4 +1,4 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 

data/Gemfile.lock

@@ -1,43 +1,93 @@
 PATH
   remote: .
   specs:
-    openssl-ssh (0.1.0)
+    openssl-ssh (0.2.1)
+      base64
 
 GEM
   remote: https://rubygems.org/
   specs:
-    diff-lcs (1.3)
-    docile (1.3.1)
-    json (2.1.0)
-    rake (12.3.1)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    ast (2.4.3)
+    base64 (0.3.0)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    json (2.18.1)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    parallel (1.27.0)
+    parser (3.3.10.1)
+      ast (~> 2.4.1)
+      racc
+    prism (1.9.0)
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.3.1)
+    regexp_parser (2.11.3)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.7)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    simplecov (0.16.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.7)
+    rubocop (1.82.1)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.48.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
+    rubocop-performance (1.26.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.13.2)
+    simplecov_json_formatter (0.1.4)
+    standard (1.53.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.82.0)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.8)
+    standard-custom (1.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.50)
+    standard-performance (1.9.0)
+      lint_roller (~> 1.1)
+      rubocop-performance (~> 1.26.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
 
 PLATFORMS
+  arm64-darwin-25
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.16)
+  bundler (~> 2.5)
   openssl-ssh!
-  rake (~> 12.3)
-  rspec (~> 3.8)
-  simplecov (~> 0.16)
+  rake (~> 13.2)
+  rspec (~> 3.13)
+  simplecov (~> 0.22)
+  standard (~> 1.53)
 
 BUNDLED WITH
-   1.16.6
+   2.7.2

data/README.md

@@ -1,7 +1,9 @@
+# ![OpenSSL](https://raw.githubusercontent.com/aladac/openssl-ssh/master/doc/openssl.png) + ![OpenSSH](https://raw.githubusercontent.com/aladac/openssl-ssh/master/doc/openssh.gif) 4 ![Ruby](https://raw.githubusercontent.com/aladac/openssl-ssh/master/doc/ruby.png)
+
 [![Maintainability](https://api.codeclimate.com/v1/badges/76e285ab4467fa52bc70/maintainability)](https://codeclimate.com/github/aladac/openssl-ssh/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/76e285ab4467fa52bc70/test_coverage)](https://codeclimate.com/github/aladac/openssl-ssh/test_coverage)
 
-# OpenSSL::SSH
+# OpenSSL::PKey::SSH
 
 This gem introduces `OpenSSL::PKey::SSH` class with the ability to parse **OpenSSH** format public keys and return a correct `OpenSSL::PKey` type object. This is a convenience class used to parse the specific format of the **OpenSSH** public key.
 

data/Rakefile

@@ -1,6 +1,9 @@
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "standard/rake"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task default: :spec
+task default: %i[spec standard]

data/TODO.md

@@ -0,0 +1,56 @@
+# OpenSSL-SSH - Modernization for Ruby 3.x / OpenSSL 3.x
+
+Parse OpenSSH format public keys (`ssh-rsa AAAA...`) and return `OpenSSL::PKey` objects.
+
+## Completed
+
+### Phase 1: Fix Core
+- [x] Replace property assignment with ASN.1 DER construction
+- [x] Update `build_rsa` method to build ASN.1 sequence
+- [x] Update `build_dsa` method to use SubjectPublicKeyInfo format
+- [x] Test with Ruby 3.x / OpenSSL 3.x
+- [x] Update specs
+
+### Phase 2: Add Key Types
+- [x] Ed25519 support (default for modern OpenSSH)
+  ```ruby
+  OpenSSL::PKey.new_raw_public_key('ED25519', raw_key_bytes)
+  ```
+- [x] ECDSA support (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521)
+- [x] Keep RSA and DSA support
+
+### Phase 3: Modernize
+- [x] Update gemspec dependencies
+  - bundler ~> 2.0
+  - rake ~> 13.0
+  - rspec ~> 3.12
+  - simplecov ~> 0.22
+  - base64 (runtime dependency for Ruby 3.4+)
+- [x] Add required Ruby version (>= 3.0)
+- [x] Add GitHub Actions workflow
+- [x] Update metadata URIs
+
+## Future Improvements
+
+### Phase 4: OpenSSH Private Key Format
+- [ ] Support OpenSSH private key format (new format, not just PEM)
+  - Ed25519 and ECDSA private keys use new format by default
+  - Requires custom parser for `-----BEGIN OPENSSH PRIVATE KEY-----`
+- [ ] Add fingerprint generation (MD5, SHA256)
+- [ ] Add key comment extraction
+- [ ] Better error messages
+
+## Supported Key Types
+
+| Type | Public Key | Private Key (PEM) | Private Key (OpenSSH) |
+|------|------------|-------------------|----------------------|
+| RSA | ✅ | ✅ | ❌ |
+| DSA | ✅ | ✅ | ❌ |
+| Ed25519 | ✅ | N/A | ❌ (pending) |
+| ECDSA | ✅ | ✅ | ❌ (pending) |
+
+## References
+
+- [OpenSSL::PKey docs](https://ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL/PKey.html)
+- [RFC 4253 - SSH Transport](https://tools.ietf.org/html/rfc4253#section-6.6) - Key format
+- [RFC 8709 - Ed25519 for SSH](https://tools.ietf.org/html/rfc8709)

data/lib/openssl/ssh/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module OpenSSL
   module SSH
-    VERSION = '0.1.0'.freeze
+    VERSION = "0.2.1"
   end
 end

data/lib/openssl/ssh.rb

@@ -1,12 +1,26 @@
-require 'openssl/ssh/version'
-require 'base64'
-require 'openssl'
+# frozen_string_literal: true
+
+require "openssl/ssh/version"
+require "base64"
+require "openssl"
 
 module OpenSSL
   module PKey
     class SSH
-      RSA_COMPONENTS = ['ssh-rsa', :e, :n].freeze
-      DSA_COMPONENTS = ['ssh-dss', :p, :q, :g, :pub_key].freeze
+      SUPPORTED_TYPES = {
+        "ssh-rsa" => :rsa,
+        "ssh-dss" => :dsa,
+        "ssh-ed25519" => :ed25519,
+        "ecdsa-sha2-nistp256" => :ecdsa,
+        "ecdsa-sha2-nistp384" => :ecdsa,
+        "ecdsa-sha2-nistp521" => :ecdsa
+      }.freeze
+
+      ECDSA_CURVES = {
+        "ecdsa-sha2-nistp256" => "prime256v1",
+        "ecdsa-sha2-nistp384" => "secp384r1",
+        "ecdsa-sha2-nistp521" => "secp521r1"
+      }.freeze
 
       def self.new(key, password = nil)
         forward_private_key(key, password) || parse_public_ssh_key(key)
@@ -14,63 +28,152 @@ module OpenSSL
 
       def self.forward_private_key(key, password)
         case key
-        when /BEGIN RSA PRIVATE KEY/
+        when /BEGIN RSA PRIVATE KEY/, /BEGIN PRIVATE KEY/
           OpenSSL::PKey::RSA.new(key, password)
         when /BEGIN DSA PRIVATE KEY/
           OpenSSL::PKey::DSA.new(key, password)
+        when /BEGIN EC PRIVATE KEY/
+          OpenSSL::PKey::EC.new(key, password)
+        when /BEGIN OPENSSH PRIVATE KEY/
+          parse_openssh_private_key(key, password)
         end
       end
 
+      def self.parse_openssh_private_key(key, password)
+        # OpenSSH new format private keys - delegate to OpenSSL if supported
+        OpenSSL::PKey.read(key, password)
+      rescue OpenSSL::PKey::PKeyError
+        raise "OpenSSH private key format not supported by your OpenSSL version"
+      end
+
       def self.parse_public_ssh_key(key)
-        if key && key.is_a?(String) && key.match?(/^ssh-/)
-          key = key.split[1]
-          key = decode_pubkey(key)
+        return key unless key.is_a?(String) && key.match?(/^(ssh-|ecdsa-)/)
+
+        parts = key.strip.split(" ", 3)
+        type = parts[0]
+        data = parts[1]
+        # comment = parts[2] # Available if needed
+
+        raise "Unsupported key type: #{type}" unless SUPPORTED_TYPES.key?(type)
+
+        decoded = Base64.decode64(data)
+        components = unpack_pubkey_components(decoded)
+
+        case SUPPORTED_TYPES[type]
+        when :rsa then build_rsa(components)
+        when :dsa then build_dsa(components)
+        when :ed25519 then build_ed25519(components)
+        when :ecdsa then build_ecdsa(components, type)
         end
-        key
       end
 
-      def self.decode_pubkey(string)
-        components = unpack_pubkey_components Base64.decode64(string)
-        raise "Unsupported key type #{components.first}" unless components.first.match?(/#{RSA_COMPONENTS.first}|#{DSA_COMPONENTS.first}/)
+      def self.build_rsa(components)
+        _type, e_bytes, n_bytes = components
+        e = bytes_to_bn(e_bytes)
+        n = bytes_to_bn(n_bytes)
 
-        ops, key = process_components(components)
-        process_ops(key, ops)
+        # RSA public key ASN.1 structure:
+        # RSAPublicKey ::= SEQUENCE {
+        #   modulus           INTEGER,  -- n
+        #   publicExponent    INTEGER   -- e
+        # }
+        asn1 = OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Integer.new(n),
+          OpenSSL::ASN1::Integer.new(e)
+        ])
+        OpenSSL::PKey::RSA.new(asn1.to_der)
       end
 
-      def self.key_type_components(components)
-        (components.first.match?(RSA_COMPONENTS.first) ? RSA_COMPONENTS : DSA_COMPONENTS).zip(components)
-      end
+      def self.build_dsa(components)
+        _type, p_bytes, q_bytes, g_bytes, pub_key_bytes = components
+        p = bytes_to_bn(p_bytes)
+        q = bytes_to_bn(q_bytes)
+        g = bytes_to_bn(g_bytes)
+        pub_key = bytes_to_bn(pub_key_bytes)
 
-      def self.key_type_object(components)
-        components.first.match?(RSA_COMPONENTS.first) ? OpenSSL::PKey::RSA.new : OpenSSL::PKey::DSA.new
-      end
+        # DSA public key requires SubjectPublicKeyInfo format:
+        # DSAParameters ::= SEQUENCE {
+        #   p INTEGER,
+        #   q INTEGER,
+        #   g INTEGER
+        # }
+        # DSAPublicKey ::= INTEGER -- public key y
+        #
+        # SubjectPublicKeyInfo ::= SEQUENCE {
+        #   algorithm AlgorithmIdentifier,
+        #   subjectPublicKey BIT STRING
+        # }
+        dsa_params = OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Integer.new(p),
+          OpenSSL::ASN1::Integer.new(q),
+          OpenSSL::ASN1::Integer.new(g)
+        ])
+
+        # OID for DSA: 1.2.840.10040.4.1
+        algo_id = OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::ObjectId.new("DSA"),
+          dsa_params
+        ])
 
-      def self.process_components(components)
-        [key_type_components(components), key_type_object(components)]
+        pub_key_asn1 = OpenSSL::ASN1::Integer.new(pub_key)
+        pub_key_bitstring = OpenSSL::ASN1::BitString.new(pub_key_asn1.to_der)
+
+        spki = OpenSSL::ASN1::Sequence.new([
+          algo_id,
+          pub_key_bitstring
+        ])
+
+        OpenSSL::PKey::DSA.new(spki.to_der)
       end
 
-      def self.process_ops(key, ops)
-        ops.each do |o|
-          next unless o.first.is_a? Symbol
+      def self.build_ed25519(components)
+        _type, raw_key = components
 
-          key.send "#{o.first}=", decode_mpi(o.last)
+        # Ed25519 requires Ruby 3.0+ with OpenSSL 1.1.1+
+        unless OpenSSL::PKey.respond_to?(:new_raw_public_key)
+          raise "Ed25519 requires Ruby 3.0+ with OpenSSL 1.1.1+"
         end
-        key
+
+        OpenSSL::PKey.new_raw_public_key("ED25519", raw_key)
+      end
+
+      def self.build_ecdsa(components, key_type)
+        _type, _, point_data = components
+        curve = ECDSA_CURVES[key_type]
+
+        # ECDSA public key in SubjectPublicKeyInfo format
+        # The point_data is already in uncompressed point format (04 || x || y)
+
+        # OID for EC: 1.2.840.10045.2.1
+        # Named curve OIDs
+        algo_id = OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::ObjectId.new("id-ecPublicKey"),
+          OpenSSL::ASN1::ObjectId.new(curve)
+        ])
+
+        pub_key_bitstring = OpenSSL::ASN1::BitString.new(point_data)
+
+        spki = OpenSSL::ASN1::Sequence.new([
+          algo_id,
+          pub_key_bitstring
+        ])
+
+        OpenSSL::PKey::EC.new(spki.to_der)
       end
 
       def self.unpack_pubkey_components(str)
-        cs = []
+        components = []
         i = 0
         while i < str.length
-          len = str[i, 4].unpack1('N')
-          cs << str[i + 4, len]
+          len = str[i, 4].unpack1("N")
+          components << str[i + 4, len]
           i += 4 + len
         end
-        cs
+        components
       end
 
-      def self.decode_mpi(mpi_str)
-        mpi_str.unpack('C*').inject(0) { |a, e| (a << 8) | e }
+      def self.bytes_to_bn(bytes)
+        OpenSSL::BN.new(bytes, 2)
       end
     end
   end

data/openssl-ssh.gemspec

@@ -1,42 +1,40 @@
-lib = File.expand_path('lib', __dir__)
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'openssl/ssh/version'
+require "openssl/ssh/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = 'openssl-ssh'
-  spec.version       = OpenSSL::SSH::VERSION
-  spec.authors       = ['Adam Ladachowski']
-  spec.email         = ['adam.ladachowski@gmail.com']
-
-  spec.summary       = 'Handling for OpenSSH public keys'
-  spec.description   = 'This gem adds an OpenSSL::PKey::SSH class with the ability to parse OpenSSH and resturn a correct OpenSSL::PKey type class'
-  spec.homepage      = 'https://github.com/aladac/openssl-ssh'
-  spec.license       = 'MIT'
-
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
-  if spec.respond_to?(:metadata)
-    # spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
-
-    spec.metadata['homepage_uri'] = spec.homepage
-    spec.metadata['source_code_uri'] = "TODO: Put your gem's public repo URL here."
-    spec.metadata['changelog_uri'] = "TODO: Put your gem's CHANGELOG.md URL here."
-  else
-    raise 'RubyGems 2.0 or newer is required to protect against ' \
-      'public gem pushes.'
-  end
+  spec.name = "openssl-ssh"
+  spec.version = OpenSSL::SSH::VERSION
+  spec.authors = ["Adam Ladachowski"]
+  spec.email = ["adam.ladachowski@gmail.com"]
+
+  spec.summary = "Handling for OpenSSH public keys"
+  spec.description = "Parse OpenSSH format public keys (ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-*) and return OpenSSL::PKey objects"
+  spec.homepage = "https://github.com/aladac/openssl-ssh"
+  spec.license = "MIT"
+
+  spec.required_ruby_version = ">= 3.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/aladac/openssl-ssh"
+  spec.metadata["changelog_uri"] = "https://github.com/aladac/openssl-ssh/blob/master/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
-
-  spec.add_development_dependency 'bundler', '~> 1.16'
-  spec.add_development_dependency 'rake', '~> 12.3'
-  spec.add_development_dependency 'rspec', '~> 3.8'
-  spec.add_development_dependency 'simplecov', '~> 0.16'
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Runtime dependencies (base64 extracted from stdlib in Ruby 3.4)
+  spec.add_dependency "base64"
+
+  spec.add_development_dependency "bundler", "~> 2.5"
+  spec.add_development_dependency "rake", "~> 13.2"
+  spec.add_development_dependency "rspec", "~> 3.13"
+  spec.add_development_dependency "simplecov", "~> 0.22"
+  spec.add_development_dependency "standard", "~> 1.53"
 end

data/openssl-ssh.md

@@ -0,0 +1,30 @@
+# OpenSSL-SSH - Ruby Gem Modernization
+
+**Repo**: https://github.com/aladac/openssl-ssh
+**Detailed TODO**: See [TODO.md in repo](https://github.com/aladac/openssl-ssh/blob/master/TODO.md)
+
+## Summary
+Ruby gem to parse OpenSSH format keys (`ssh-rsa AAAA...`) into `OpenSSL::PKey` objects.
+
+## Problem
+Current code is **broken** on Ruby 2.4+ / OpenSSL 2.0+. Uses property assignment on immutable objects:
+```ruby
+key.n = value  # ❌ Fails - OpenSSL::PKey is immutable
+```
+
+## Fix
+Use ASN.1 DER construction:
+```ruby
+asn1 = OpenSSL::ASN1::Sequence.new([
+  OpenSSL::ASN1::Integer.new(n),
+  OpenSSL::ASN1::Integer.new(e)
+])
+key = OpenSSL::PKey::RSA.new(asn1.to_der)  # ✅ Works
+```
+
+## Quick Tasks
+- [ ] Replace property assignment with ASN.1 DER approach
+- [ ] Add Ed25519 support (modern default)
+- [ ] Add ECDSA support
+- [ ] Update gemspec for Ruby 3.x
+- [ ] Add GitHub Actions CI

metadata

@@ -1,100 +1,137 @@
 --- !ruby/object:Gem::Specification
 name: openssl-ssh
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Adam Ladachowski
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-11-16 00:00:00.000000000 Z
+date: 2026-02-03 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.13'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.53'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
-description: This gem adds an OpenSSL::PKey::SSH class with the ability to parse OpenSSH
-  and resturn a correct OpenSSL::PKey type class
+        version: '1.53'
+description: Parse OpenSSH format public keys (ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-*)
+  and return OpenSSL::PKey objects
 email:
 - adam.ladachowski@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
+- ".github/workflows/publish.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".standard.yml"
+- ".tool-versions"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
+- TODO.md
 - bin/console
 - bin/setup
+- doc/openssh.gif
+- doc/openssl.png
+- doc/ruby.png
 - lib/openssl/ssh.rb
 - lib/openssl/ssh/version.rb
 - openssl-ssh.gemspec
+- openssl-ssh.md
 homepage: https://github.com/aladac/openssl-ssh
 licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/aladac/openssl-ssh
-  source_code_uri: 'TODO: Put your gem''s public repo URL here.'
-  changelog_uri: 'TODO: Put your gem''s CHANGELOG.md URL here.'
-post_install_message: 
+  source_code_uri: https://github.com/aladac/openssl-ssh
+  changelog_uri: https://github.com/aladac/openssl-ssh/blob/master/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -102,16 +139,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14.1
-signing_key: 
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Handling for OpenSSH public keys
 test_files: []

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.4.4
-before_install: gem install bundler -v 1.16.6