Refer to:
- https://guides.rubygems.org/security/
- https://ruby-doc.org/current/stdlibs/rubygems/Gem/Security.html
gem cert --help
The maintainer creates the initial certificate and a private key:
cd /path/to/vault
gem cert --build [email protected]Note
The email must match the field spec.email in aspera-cli.gemspec
To display current info: bundle exec rake certs:info
This creates two files in folder /path/to/vault (e.g. $HOME/.ssh):
gem-private_key.pem: This file shall be kept secret in a vault.gem-public_cert.pem: This file is copied to a public place, here in foldercerts
Note
Alternatively, use an existing key or generate one, pointed with SIGNING_KEY, and then rake certs:new
Subsequently, the private key path is specified using the SIGNING_KEY env var.
Show the current certificate contents:
bundle exec rake certs:showNote
To provide a passphrase add argument: -passin pass:_value_ to openssl
Check that the signing key is the same as used to sign the certificate:
bundle exec rake certs:check_key SIGNING_KEY=/path/to/vault/gem-private_key.pemThe maintainer can renew the certificate when it is expired using the same private key:
bundle exec rake certs:update SIGNING_KEY=/path/to/vault/gem-private_key.pemAlternatively, to generate a new certificate with the same key:
bundle exec rake certs:new SIGNING_KEY=/path/to/vault/gem-private_key.pemSee Contributing
Refer to Manual