Class: CcipherBox::SecureRing

Inherits:
Object
  • Object
Includes:
TR::CondUtils
Defined in:
lib/ccipher_box/secure_ring.rb

Overview

SecureRing carries a unique seed for data encryption and decryption. Typically, a SecureRing contains one key vault for data protection.

The difference between SecureRing and MemVault is that MemVault's encrypt/decrypt functions are only for limited data, whereas for SecureRing the data size is limited only by the limits of the algorithm.


Constructor Details

#initialize(opts = { }) ⇒ SecureRing

Returns a new instance of SecureRing.



# File 'lib/ccipher_box/secure_ring.rb', line 21

# Sets up a ring: a named in-memory vault, a key-derivation seed and the
# registry that links key names to key configurations.
#
# @param opts [Hash] optional settings
# @option opts [String] :name label for the ring, also passed to MemVault.new
#   (defaults to "Genesis")
# @option opts [String] :encSeed seed to reuse (presumably a byte String);
#   when nil/false, 64 bytes are drawn from SecureRandom
# @option opts [Object] :encKeyConfig object responding to #keyConfigs; every
#   (name, config) pair it yields is handed to regenerate_key
def initialize(opts = {})
  ring_name = opts[:name]
  @name = ring_name || "Genesis"

  @vault = MemVault.new(@name)

  # Seed for data encryption key derivation. Keys are derived from it, so it
  # deserves the same handling as a key: keep it out of logs and inspect output.
  # NOTE(review): only nil/false fall through to the random default. An empty
  # String is truthy in Ruby and would be kept as the seed; confirm callers
  # never supply one.
  supplied_seed = opts[:encSeed]
  @encSeed = supplied_seed || SecureRandom.random_bytes(64)

  # Registry tying each encryption key name to its key configuration.
  @encKeyConfig = EncKeyConfig.new

  saved_config = opts[:encKeyConfig]
  return unless not_empty?(saved_config)

  # Re-create every previously configured key under its original name.
  saved_config.keyConfigs.each { |key_name, key_conf| regenerate_key(key_name, key_conf) }
end

Instance Attribute Details

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/ccipher_box/secure_ring.rb', line 20

# Reader for the ring's label.
#
# @return [Object] the value stored in @name; the constructor sets it to
#   opts[:name] or "Genesis" when none was given
def name
  @name
end

Class Method Details

.from_encoded(bin) ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 94

# Rebuilds a SecureRing from a binary structure carrying a name, a cipher seed
# and encoded key configs (presumably the output of #encoded).
#
# `bin` contains the key-derivation seed, so it is secret material.
# NOTE(review): no integrity or authenticity check is visible in this method;
# whether BinStruct#struct_from_bin validates its input is not shown here.
# Confirm that `bin` only ever comes from a protected, trusted store.
#
# @param bin [String] encoded ring (presumably a binary String)
# @return [SecureRing] ring created from the decoded seed, key configs and name
def self.from_encoded(bin)
  decoded = BinStruct.instance.struct_from_bin(bin)
  restored_config = EncKeyConfig.from_encoded(decoded.keyConfigs)

  SecureRing.new(
    encSeed: decoded.cipherSeed,
    encKeyConfig: restored_config,
    name: decoded.name
  )
end

Instance Method Details

#dispose_key(name) ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 56

# Removes the key registered under +name+ from the vault.
#
# NOTE(review): only @vault is touched here. The entry for +name+ in
# @encKeyConfig is left in place, so #encoded would still serialise it and a
# ring rebuilt from that output would presumably re-create the key
# (regenerate_key is not visible here). Confirm whether disposal is meant to
# survive an encode/decode round trip.
#
# @param name [Object] name the key was registered under
# @return [self] the ring, so calls can be chained
def dispose_key(name)
  tap { @vault.deregister(name) }
end

#encoded ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 86

# Serialises the ring (name, seed and key configs) through a :secure_ring
# BinStruct.
#
# The seed is copied into the structure as-is, so the return value should be
# treated as secret key material.
# NOTE(review): whether BinStruct encrypts or otherwise protects the fields is
# not visible here. Confirm before writing the result to disk or sending it
# over a network.
#
# @return [Object] whatever the struct's #encoded returns (presumably a binary String)
def encoded
  record = BinStruct.instance.struct(:secure_ring).tap do |s|
    s.name = @name
    s.cipherSeed = @encSeed
    s.keyConfigs = @encKeyConfig.encoded
  end
  record.encoded
end

#generate_key(name, opts = { }) ⇒ Object

Generates a new operation key for data encryption and decryption.



# File 'lib/ccipher_box/secure_ring.rb', line 41

# Derives a new symmetric key from the ring's seed, stores it in the vault
# under +name+ and records its encoded form in the key-config registry.
#
# NOTE(review): +name+ is not passed to SymKeyGenerator.derive, and every key
# uses the same seed as the :password input. Keys with the same algo/keysize
# are therefore distinct only if derive adds its own per-key input
# (presumably a random salt kept in sk.encoded). Confirm this.
# NOTE(review): what happens when +name+ is already registered depends on
# @vault.register, which is not visible here.
#
# @param name [Object] name to register the key under
# @param opts [Hash] optional settings
# @option opts [Symbol] :algo cipher algorithm (defaults to :aes)
# @option opts [Integer] :keysize key size (defaults to 256)
# @return [Object] the result of @encKeyConfig.register_config
def generate_key(name, opts = {})
  cipher = opts[:algo] || :aes
  bits = opts[:keysize] || 256

  # derive requests its inputs through the block; only :password is answered
  # (with the ring's seed), any other request gets nil.
  derived = CcipherFactory::SymKeyGenerator.derive(cipher, bits) do |request|
    case request
    when :password then @encSeed
    end
  end

  @vault.register(name, derived)
  @encKeyConfig.register_config(name, derived.encoded)
end

#get_key(name) ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 69

# Looks up the key registered under +name+ by delegating to the vault.
#
# NOTE(review): the vault's result is returned to the caller unchanged. If
# that is the live key object, the caller holds key material outside the
# vault. Confirm this is intended for every call site.
#
# @param name [Object] name the key was registered under
# @return [Object] whatever @vault.get_key returns for +name+
def get_key(name)
  @vault.get_key(name)
end

#is_key_registered?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ccipher_box/secure_ring.rb', line 61

# Tells whether the vault holds a key under +name+.
#
# @param name [Object] key name to look up
# @return [Boolean] result of @vault.is_registered?
def is_key_registered?(name)
  @vault.is_registered?(name)
end

#new_decryption_engine ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 82

# Creates a decryption engine backed by this ring's vault.
#
# The vault object itself is handed over, not a selection of keys, so the
# engine is given whatever access the vault offers to its registered keys.
#
# @return [DecryptionEngine] a new engine constructed with @vault
def new_decryption_engine
  DecryptionEngine.new(@vault)
end

#new_encryption_engine(*keyNames) ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 73

# Creates an encryption engine for the keys registered under the given names.
#
# Every name is checked before the engine is built, and the first unknown name
# aborts the call.
# NOTE(review): with no names at all, EncryptionEngine.new is called without
# arguments. Confirm how the engine behaves in that case.
#
# @param keyNames [Array<Object>] names of registered keys to encrypt with
# @return [EncryptionEngine] engine constructed with the looked-up keys
# @raise [KeyNotRegistered] if any name is not registered in the vault
def new_encryption_engine(*keyNames)
  selected_keys = keyNames.map do |name|
    unless is_key_registered?(name)
      raise KeyNotRegistered, "Key with name '#{name}' not registered"
    end

    @vault.get_key(name)
  end

  EncryptionEngine.new(*selected_keys)
end

#registered_keys ⇒ Object



# File 'lib/ccipher_box/secure_ring.rb', line 65

# Returns the vault's #keys result, frozen.
#
# NOTE(review): freeze is applied to whatever @vault.keys returns. If that is
# the vault's internal collection rather than a copy, the vault's own state
# becomes immutable after this call. Confirm that #keys returns a fresh object.
# Freezing is shallow: the elements themselves are not frozen.
#
# @return [Object] the frozen result of @vault.keys
def registered_keys
  @vault.keys.freeze
end