Class: CcipherBox::SecureRing
- Inherits: Object
  - Object
  - CcipherBox::SecureRing
- Includes: TR::CondUtils
- Defined in: lib/ccipher_box/secure_ring.rb
Overview
A SecureRing carries a unique seed for data encryption and decryption. Typically a SecureRing contains one key vault for data protection.
The difference between SecureRing and MemVault is that the encrypt/decrypt functions of MemVault are only for limited data, whereas for SecureRing the data size is limited only by the limits of the algorithm.
Instance Attribute Summary
- #name ⇒ Object
  Returns the value of attribute name.
Class Method Summary
- .from_encoded(bin) ⇒ Object
Instance Method Summary
- #dispose_key(name) ⇒ Object
- #encoded ⇒ Object
- #generate_key(name, opts = { }) ⇒ Object
  Generate new operation key for data encryption and decryption.
- #get_key(name) ⇒ Object
- #initialize(opts = { }) ⇒ SecureRing
  constructor. A new instance of SecureRing.
- #is_key_registered?(name) ⇒ Boolean
- #new_decryption_engine ⇒ Object
- #new_encryption_engine(*keyNames) ⇒ Object
- #registered_keys ⇒ Object
Constructor Details
#initialize(opts = { }) ⇒ SecureRing
Returns a new instance of SecureRing.
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 21
def initialize(opts = { })
  @name = opts[:name] || "Genesis"
  @vault = MemVault.new(@name)

  # seed for data encryption key derivation
  @encSeed = opts[:encSeed] || SecureRandom.random_bytes(64)

  # keep link between encryption key config with a name
  @encKeyConfig = EncKeyConfig.new
  if not_empty?(opts[:encKeyConfig])
    conf = opts[:encKeyConfig].keyConfigs
    conf.each do |name, kc|
      regenerate_key(name, kc)
    end
  end
end
```
Instance Attribute Details
#name ⇒ Object
Returns the value of attribute name.
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 20
def name
  @name
end
```
Class Method Details
.from_encoded(bin) ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 94
def self.from_encoded(bin)
  st = BinStruct.instance.struct_from_bin(bin)
  encKeyConfig = EncKeyConfig.from_encoded(st.keyConfigs)
  SecureRing.new({ encSeed: st.cipherSeed, encKeyConfig: encKeyConfig, name: st.name })
end
```
Instance Method Details
#dispose_key(name) ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 56
def dispose_key(name)
  @vault.deregister(name)
  self
end
```
#encoded ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 86
def encoded
  st = BinStruct.instance.struct(:secure_ring)
  st.name = @name
  st.cipherSeed = @encSeed
  st.keyConfigs = @encKeyConfig.encoded
  st.encoded
end
```
#generate_key(name, opts = { }) ⇒ Object
Generate new operation key for data encryption and decryption.
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 41
def generate_key(name, opts = { })
  algo = opts[:algo] || :aes
  keysize = opts[:keysize] || 256

  sk = CcipherFactory::SymKeyGenerator.derive(algo, keysize) do |ops|
    case ops
    when :password
      @encSeed
    end
  end

  @vault.register(name, sk)
  @encKeyConfig.register_config(name, sk.encoded)
end
```
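The listings for #generate_key, #encoded and .from_encoded show every operation key being derived from the ring seed (handed to the derivation as the `:password` input) plus a stored per-key config, and the encoded form carrying both. The following is an added example, not code from CcipherBox: `MiniRing`, its JSON encoding and the PBKDF2 parameters are assumptions standing in for the gem's own BinStruct format and key derivation, used to show that the encoded blob alone rebuilds every key.

```ruby
require "json"
require "openssl"
require "securerandom"

# Hypothetical stand-in for SecureRing: one ring seed plus a per-key config
# (random salt, key size) is all that is needed to derive each key.
class MiniRing
  ITER = 10_000 # assumed PBKDF2 iteration count for this sketch

  def initialize(name: "Genesis", seed: SecureRandom.random_bytes(64), configs: {})
    @name, @seed, @configs = name, seed, configs
  end

  # Mirrors #generate_key: record the derivation config under a name.
  def generate_key(key_name, keysize: 256)
    @configs[key_name] = { "salt" => SecureRandom.hex(16), "keysize" => keysize }
    get_key(key_name)
  end

  # Derive the named key from the seed (the password input) and its config.
  def get_key(key_name)
    conf = @configs.fetch(key_name) { raise KeyError, "Key '#{key_name}' not registered" }
    OpenSSL::KDF.pbkdf2_hmac(@seed, salt: conf["salt"], iterations: ITER,
                             length: conf["keysize"] / 8, hash: "SHA256")
  end

  # Mirrors #encoded: name, seed and key configs go into one blob.
  def encoded
    JSON.generate("name" => @name, "seed" => [@seed].pack("m0"), "configs" => @configs)
  end

  # Mirrors .from_encoded: the blob alone rebuilds a ring with the same keys.
  def self.from_encoded(blob)
    st = JSON.parse(blob)
    new(name: st["name"], seed: st["seed"].unpack1("m0"), configs: st["configs"])
  end
end

# Constructed round trip: encode a ring, restore it, compare the derived keys.
def ring_round_trip
  ring = MiniRing.new(name: "demo")
  key = ring.generate_key("docs")
  blob = ring.encoded
  # Same key configs but a fresh random seed must yield a different key.
  other = MiniRing.new(name: "demo", configs: JSON.parse(blob)["configs"])
  { same: MiniRing.from_encoded(blob).get_key("docs") == key,
    other_seed_differs: other.get_key("docs") != key, key_len: key.bytesize }
end
```

Because the restored ring derives identical keys, an encoded ring of this shape is equivalent to the keys themselves and needs the same storage and transport protection as the seed.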
#get_key(name) ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 69
def get_key(name)
  @vault.get_key(name)
end
```
#is_key_registered?(name) ⇒ Boolean
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 61
def is_key_registered?(name)
  @vault.is_registered?(name)
end
```
#new_decryption_engine ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 82
def new_decryption_engine
  DecryptionEngine.new(@vault)
end
```
#new_encryption_engine(*keyNames) ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 73
def new_encryption_engine(*keyNames)
  names = []
  keyNames.each do |name|
    raise KeyNotRegistered, "Key with name '#{name}' not registered" if not is_key_registered?(name)
    names << @vault.get_key(name)
  end
  EncryptionEngine.new(*names)
end
```
#registered_keys ⇒ Object
```ruby
# File 'lib/ccipher_box/secure_ring.rb', line 65
def registered_keys
  @vault.keys.freeze
end
```