W3cubDocs

/Ansible

community.crypto.openssl_privatekey_info – Provide information for OpenSSL private keys

Note

This plugin is part of the community.crypto collection (version 1.9.6).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.crypto.

To use it in a playbook, specify: community.crypto.openssl_privatekey_info.

Synopsis
Requirements
Parameters
Notes
See Also
Examples
Return Values

Synopsis

This module allows one to query information on OpenSSL private keys.
In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available, none is returned for key_is_consistent.
It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with select_crypto_backend). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0.

Requirements

The below requirements are needed on the host that executes this module.

PyOpenSSL >= 0.15 or cryptography >= 1.2.3

Parameters

Parameter	Choices/Defaults	Comments
content string added in 1.0.0 of community.crypto		Content of the private key file. Either path or content must be specified, but not both.
passphrase string		The passphrase for the private key.
path path		Remote absolute path where the private key file is loaded from.
return_private_key_data boolean	Choices: no ← yes	Whether to return private key data. Only set this to `yes` when you want private information about this key to leave the remote machine. WARNING: you have to make sure that private key data isn't accidentally logged!
select_crypto_backend string	Choices: auto ← cryptography pyopenssl	Determines which crypto backend to use. The default choice is `auto`, which tries to use `cryptography` if available, and falls back to `pyopenssl`. If set to `pyopenssl`, will try to use the pyOpenSSL library. If set to `cryptography`, will try to use the cryptography library. Please note that the `pyopenssl` backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the `cryptography` backend will be available.

Notes

Note

Supports check_mode.

Examples

- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

- name: Get information on generated key
  community.crypto.openssl_privatekey_info:
    path: /etc/ssl/private/ansible.com.pem
  register: result

- name: Dump information
  ansible.builtin.debug:
    var: result

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
can_load_key boolean		always	Whether the module was able to load the private key from disk.
can_parse_key boolean		always	Whether the module was able to parse the private key.
key_is_consistent boolean		always	Whether the key is consistent. Can also return `none` next to `yes` and `no`, to indicate that consistency could not be checked. In case the check returns `no`, the module will fail.
private_data dictionary		success and when return_private_key_data is set to `yes`	Private key data. Depends on key type.
public_data dictionary		success	Public key data. Depends on key type.
	curve string	When `type=ECC`	The curve's name for ECC.
	exponent integer	When `type=RSA`	The RSA key's public exponent.
	exponent_size integer	When `type=ECC`	The maximum number of bits of a private key. This is basically the bit size of the subgroup used.
	g integer	When `type=DSA`	The `g` value for DSA. This is the element spanning the subgroup of the multiplicative group of the prime field used.
	modulus integer	When `type=RSA`	The RSA key's modulus.
	p integer	When `type=DSA`	The `p` value for DSA. This is the prime modulus upon which arithmetic takes place.
	q integer	When `type=DSA`	The `q` value for DSA. This is a prime that divides `p - 1`, and at the same time the order of the subgroup of the multiplicative group of the prime field used.
	size integer	When `type=RSA` or `type=DSA`	Bit size of modulus (RSA) or prime number (DSA).
	x integer	When `type=ECC`	The `x` coordinate for the public point on the elliptic curve.
	y integer	When `type=DSA` or `type=ECC`	For `type=ECC`, this is the `y` coordinate for the public point on the elliptic curve. For `type=DSA`, this is the publicly known group element whose discrete logarithm w.r.t. `g` is the private key.
public_key string		success	Private key's public key in PEM format. Sample: -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...
public_key_fingerprints dictionary		success	Fingerprints of private key's public key. For every hash algorithm available, the fingerprint is computed. Sample: {'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...
type string		success	The key's type. One of `RSA`, `DSA`, `ECC`, `Ed25519`, `X25519`, `Ed448`, or `X448`. Will start with `unknown` if the key type cannot be determined. Sample: RSA

Authors

Felix Fontein (@felixfontein)
Yanis Guenane (@Spredzy)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_info_module.html