inspec/docs/resources/key_rsa.md
Christoph Hartmann d2f000e435 refactor x509 resources and rsa key
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 11:44:32 +01:00

title
The key_rsa Resource

key_rsa

Use the key_rsa InSpec audit resource to test RSA public/private keypairs.

This resource is mainly useful in conjunction with the x509_certificate resource, but it can also be used to check SSH keys.

Syntax

A key_rsa resource block declares a key file to be tested.

describe key_rsa('mycertificate.key') do
  it { should be_private }
  it { should be_public }
  its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982" }
  its('key_length') { should eq 2048 }
end

You can pass an optional passphrase to key_rsa:

describe key_rsa('mycertificate.key', 'passphrase') do
  it { should be_private }
end

Supported Properties

public?

To verify that a key is public, use the following:

describe key_rsa('/etc/pki/www.mywebsite.com.key') do
  it { should be_public }
end

public_key (String)

The public_key property returns the public part of the RSA key pair:

describe key_rsa('/etc/pki/www.mywebsite.com.key') do
  its('public_key') { should match "-----BEGIN PUBLIC KEY-----\n3597459df9f3982......" }
end

private?

This property verifies that the key includes a private key:

describe key_rsa('/etc/pki/www.mywebsite.com.key') do
  it { should be_private }
end

private_key (String)

The private_key property returns the private key of the RSA key pair.

describe key_rsa('/etc/pki/www.mywebsite.com.key') do
  its('private_key') { should match "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAK......" }
end

key_length

The key_length property allows testing the number of bits in the key pair.

describe key_rsa('/etc/pki/www.mywebsite.com.key') do
  its('key_length') { should eq 2048 }
end
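
To sanity-check a key outside InSpec, the same facts can be read with Ruby's OpenSSL library. This is an added example, not InSpec's own implementation; the helper `rsa_key_facts` and the `SAMPLE_*` constants are hypothetical names, and the key is a constructed throwaway generated in-process.

```ruby
require 'openssl'

# Hypothetical helper (not part of InSpec): parse an RSA key in PEM form and
# return the facts that the key_rsa properties test.
ENCRYPTED_PEM = /^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)/

def rsa_key_facts(pem, passphrase = nil)
  # Fail fast instead of letting OpenSSL prompt for a passphrase on the terminal.
  if passphrase.nil? && pem.match?(ENCRYPTED_PEM)
    raise ArgumentError, 'key is passphrase-protected; supply the passphrase'
  end

  key = OpenSSL::PKey::RSA.new(pem, passphrase)
  {
    public: key.public?,               # true for any RSA key OpenSSL can parse
    private: key.private?,             # true only when private components are present
    public_key: key.public_key.to_pem, # PEM starting "-----BEGIN PUBLIC KEY-----"
    key_length: key.n.num_bits         # size of the modulus in bits
  }
rescue OpenSSL::PKey::PKeyError => e
  raise ArgumentError, "unreadable RSA key (wrong passphrase or format): #{e.message}"
end

# Constructed sample input: a throwaway key generated in-process.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_PASSPHRASE = 'constructed-passphrase'
SAMPLE_PRIVATE_PEM = SAMPLE_KEY.to_pem
SAMPLE_ENCRYPTED_PEM = SAMPLE_KEY.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), SAMPLE_PASSPHRASE)
SAMPLE_PUBLIC_PEM = SAMPLE_KEY.public_key.to_pem

if __FILE__ == $PROGRAM_NAME
  p rsa_key_facts(SAMPLE_PRIVATE_PEM).reject { |k, _| k == :public_key }
  p rsa_key_facts(SAMPLE_PUBLIC_PEM).reject { |k, _| k == :public_key }
  p rsa_key_facts(SAMPLE_ENCRYPTED_PEM, SAMPLE_PASSPHRASE).reject { |k, _| k == :public_key }
end
```

In OpenSSL terms a private key file also reports as public, because the public components are contained in it; only a public-only PEM reports `private: false`.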