Class: Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor

Inherits:

Version1Decryptor

Object
Version1Decryptor
Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor

show all

Defined in:: lib/chef/encrypted_data_bag_item/decryptor.rb

Instance Attribute Summary

Attributes inherited from Version1Decryptor

#encrypted_data, #key

Instance Method Summary collapse

Methods inherited from Version1Decryptor

#assert_valid_cipher!, #encrypted_bytes, #for_decrypted_item, #initialize, #iv, #openssl_decryptor

Constructor Details

This class inherits a constructor from Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor

Instance Method Details

#decrypted_data ⇒ `Object`

# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 173

def decrypted_data
  validate_hmac! unless @decrypted_data
  super
end

#validate_hmac! ⇒ `Object`

# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 178

def validate_hmac!
  digest = OpenSSL::Digest::Digest.new("sha256")
  raw_hmac = OpenSSL::HMAC.digest(digest, key, @encrypted_data["encrypted_data"])

  if candidate_hmac_matches?(raw_hmac)
    true
  else
    raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect"
  end
end

Class: Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor

Instance Attribute Summary

Attributes inherited from Version1Decryptor

Instance Method Summary collapse

Methods inherited from Version1Decryptor

Constructor Details

Instance Method Details

#decrypted_data ⇒ Object

#validate_hmac! ⇒ Object

#decrypted_data ⇒ `Object`

#validate_hmac! ⇒ `Object`