Ruby - Window command line interface

UPDATE -- I tried exactly the same thing using Python and it works perfectly !!

import os
os.system('certutil.exe -v -getkey "614D628A00000000014C" C:/Users/kra/kevin')

Could somebody shed some light on this issue please!

If I run this ruby code:

require 'open3'
stdin, stdout, stderr = Open3.popen3('certutil -v -getkey "614D628A00000000014C" C:/Users/kra/kevin')            
puts stdout.read

I get the following error:

Querying WIN-3CF41NBPT85.demo.com\demo-CA
CommonName: 614D628A00000000014C
CertUtil: -GetKey command FAILED: 0x80092004 (-2146885628)
CertUtil: Cannot find object or property.

However if I run the command directly from the command line, it works.

C:\Users\kra>certutil -getkey "614D628A00000000014C" C:/Users/kra/kevin
Querying WIN-3CF41NBPT85.cjndemo.com\cjndemo-CA.....................

"WIN-3CF41NBPT85.demo.com\demo-CA"
  Serial Number: 614d628a00000000014c
  Subject: CN=Kevin, C=GB
   NotBefore: 11/30/2012 10:20 AM
   NotAfter: 5/7/2013 9:29 AM
  Template: Copy of Web Server
  Version: 3
  Cert Hash(sha1): 88 b1 7a 74 8c be 73 d5 16 07 7f 19 16 57 14 c5 dd a9 79 7f


Recipient Info[0]:
CMSG_KEY_TRANS_RECIPIENT(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
    Serial Number: 129e45d3000000000130
    Issuer: CN=demo-CA, DC=demo, DC=com
    Subject: CN=kra, CN=Users, DC=demo, DC=com
CertUtil: -GetKey command completed successfully.

Interestingly if I run this ruby code:-

require 'open3'
stdin, stdout, stderr = Open3.popen3('certutil -recoverkey -p lexicon C:\Users\kra\kevin C:\Users\kra\kevin.pfx')
puts stdout.read

It also works.

Computed Hash: 6e d3 b8 ad 93 16 7b f0 fb b3 f5 cd 7e e4 bb ad fb 95 a0 81

User Certificate:
    Serial Number: 614d628a00000000014c
    Issuer: CN=demo-CA, DC=demo, DC=com
    Subject: CN=Kevin, C=GB
    Cert Hash(sha1): 88 b1 7a 74 8c be 73 d5 16 07 7f 19 16 57 14 c5 dd a9 79 7f
CertUtil: -RecoverKey command completed successfully.

I'm assuming its some kind of weird environmental thing because clearly ruby is able to call the certutil.exe command?

The first parameter for Open3.popen3 is the environment you want to pass to the sub-command. I've had to use this to get things working as I expected on occasion:

Open3.popen3(ENV, 'command') { ... }

which passes the current script's environment to the sub-command. The current script will have inherited its environment from the command-line, so, theoretically, the sub-command will have the same information the command issued at the command-line did.

If necessary, you can also extract subsets of ENV, or temporarily overwrite variables before calling popen3.

Instead of popen3, try using capture3. It's very similar, but I consider it a bit less low-level. I've seen some weird behavior with popen3 that capture3 avoided nicely. Also, again, notice that you can pass in ENV.