Module: AttrVault::Encryption
- Defined in:
- lib/attr_vault/encryption.rb
Overview
Internal: Encapsulates encryption and signing primitives
Constant Summary collapse
- AES_BLOCK_SIZE =
16.freeze
Class Method Summary collapse
-
.decrypt(key:, ciphertext:, iv:) ⇒ Object
Internal: Decrypts the provided ciphertext using a AES-128-CBC cipher with a the provided IV and encryption key.
-
.encrypt(key:, message:, iv: nil) ⇒ Object
Internal: Encrypts the provided message using a AES-128-CBC cipher with a random IV and the provided encryption key.
-
.hmac_digest(key, bytes) ⇒ Object
Internal: Creates an HMAC signature (sha256 hashing) of the given bytes with the provided signing key.
Class Method Details
.decrypt(key:, ciphertext:, iv:) ⇒ Object
Internal: Decrypts the provided ciphertext using a AES-128-CBC cipher with a
the provided IV and encryption key
Arguments:
-
ciphertext - encrypted message
-
key - encryption key used to encrypt the message
-
iv - initialization vector used in the ciphertext’s cipher
Examples
ciphertext, iv = AttrVault::Encryption.encrypt(
message: 'this is a secret', key: encryption_key
)
Returns a two-element array containing the ciphertext and the random IV
51 52 53 54 55 56 57 |
# File 'lib/attr_vault/encryption.rb', line 51 def self.decrypt(key:, ciphertext:, iv:) decipher = OpenSSL::Cipher.new('AES-128-CBC') decipher.decrypt decipher.iv = iv decipher.key = key decipher.update(ciphertext) + decipher.final end |
.encrypt(key:, message:, iv: nil) ⇒ Object
Internal: Encrypts the provided message using a AES-128-CBC cipher with a
random IV and the provided encryption key
Arguments:
-
message - the message to encrypt
-
key - the encryption key
-
iv - override for the random IV, only used for testing
Examples
ciphertext, iv = AttrVault::Encryption.encrypt(
message: 'this is a secret', key: encryption_key
)
Returns a two-element array containing the ciphertext and the random IV
26 27 28 29 30 31 32 33 |
# File 'lib/attr_vault/encryption.rb', line 26 def self.encrypt(key:, message:, iv: nil) cipher = OpenSSL::Cipher.new('AES-128-CBC') cipher.encrypt iv ||= cipher.random_iv cipher.iv = iv cipher.key = key [cipher.update() + cipher.final, iv] end |
.hmac_digest(key, bytes) ⇒ Object
Internal: Creates an HMAC signature (sha256 hashing) of the given bytes
with the provided signing key
key - the signing key bytes - blob of bytes to sign
Returns the HMAC signature as a string
66 67 68 |
# File 'lib/attr_vault/encryption.rb', line 66 def self.hmac_digest(key, bytes) OpenSSL::HMAC.digest('sha256', key, bytes) end |