2017-03-20 23:26:57 +00:00
|
|
|
---
|
|
|
|
title: The key_rsa Resource
|
2018-02-16 00:28:15 +00:00
|
|
|
platform: os
|
2017-03-20 23:26:57 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# key_rsa
|
|
|
|
|
2019-04-26 18:24:29 +00:00
|
|
|
Use the `key_rsa` Chef InSpec audit resource to test RSA public/private keypairs.
|
2017-03-20 23:26:57 +00:00
|
|
|
|
|
|
|
This resource is mainly useful when used in conjunction with the x509_certificate resource but it can also be used for checking SSH keys.
|
|
|
|
|
2017-10-03 21:35:10 +00:00
|
|
|
<br>
|
2017-03-20 23:26:57 +00:00
|
|
|
|
2018-08-09 12:34:49 +00:00
|
|
|
## Availability
|
|
|
|
|
|
|
|
### Installation
|
|
|
|
|
2019-04-26 18:24:29 +00:00
|
|
|
This resource is distributed along with Chef InSpec itself. You can use it automatically.
|
2018-08-09 12:34:49 +00:00
|
|
|
|
|
|
|
### Version
|
|
|
|
|
|
|
|
This resource first became available in v1.18.0 of InSpec.
|
|
|
|
|
2017-03-20 23:26:57 +00:00
|
|
|
## Syntax
|
|
|
|
|
|
|
|
An `key_rsa` resource block declares a `key file` to be tested.
|
|
|
|
|
|
|
|
describe key_rsa('mycertificate.key') do
|
|
|
|
it { should be_private }
|
|
|
|
it { should be_public }
|
|
|
|
its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982" }
|
|
|
|
its('key_length') { should eq 2048 }
|
|
|
|
end
|
|
|
|
|
|
|
|
You can use an optional passphrase with `key_rsa`
|
|
|
|
|
|
|
|
describe key_rsa('mycertificate.key', 'passphrase') do
|
|
|
|
it { should be_private }
|
|
|
|
end
|
|
|
|
|
2017-10-03 21:35:10 +00:00
|
|
|
<br>
|
|
|
|
|
2018-02-15 14:33:22 +00:00
|
|
|
## Properties
|
2017-03-20 23:26:57 +00:00
|
|
|
|
2018-02-13 17:35:14 +00:00
|
|
|
* `public_key`, `private_key`, `key_length`
|
2017-03-20 23:26:57 +00:00
|
|
|
|
2018-02-13 17:35:14 +00:00
|
|
|
<br>
|
2017-03-20 23:26:57 +00:00
|
|
|
|
2018-02-13 17:35:14 +00:00
|
|
|
## Property Examples
|
2017-03-20 23:26:57 +00:00
|
|
|
|
|
|
|
### public_key (String)
|
|
|
|
|
|
|
|
The `public_key` property returns the public part of the RSA key pair
|
|
|
|
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
|
|
its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982......" }
|
|
|
|
end
|
|
|
|
|
|
|
|
### private_key (String)
|
|
|
|
|
|
|
|
The `private_key` property returns the private key or the RSA key pair.
|
|
|
|
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
|
|
its('private_key') { should match "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAK......" }
|
|
|
|
end
|
|
|
|
|
|
|
|
### key_length
|
|
|
|
|
|
|
|
The `key_length` property allows testing the number of bits in the key pair.
|
|
|
|
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
|
|
its('key_length') { should eq 2048 }
|
|
|
|
end
|
2018-02-13 17:35:14 +00:00
|
|
|
|
2018-02-16 02:34:11 +00:00
|
|
|
<br>
|
|
|
|
|
2018-02-13 17:35:14 +00:00
|
|
|
## Matchers
|
|
|
|
|
2018-02-16 03:07:18 +00:00
|
|
|
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
2018-02-13 17:35:14 +00:00
|
|
|
|
|
|
|
### public?
|
|
|
|
|
|
|
|
To verify if a key is public use the following:
|
|
|
|
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
|
|
it { should be_public }
|
|
|
|
end
|
|
|
|
|
|
|
|
### private?
|
|
|
|
|
|
|
|
This property verifies that the key includes a private key:
|
|
|
|
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
|
|
it { should be_private }
|
2018-02-16 00:28:15 +00:00
|
|
|
end
|