Class: Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

Inherits:

Version1Encryptor

Object
Version1Encryptor
Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

show all

Defined in:: lib/chef/encrypted_data_bag_item.rb

Instance Attribute Summary

Attributes inherited from Version1Encryptor

#key, #plaintext_data

Instance Method Summary collapse

#for_encrypted_item ⇒ Object

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
#hmac ⇒ Object

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac).

Methods inherited from Version1Encryptor

#encrypted_data, #initialize, #iv, #openssl_encryptor, #serialized_data

Constructor Details

This class inherits a constructor from Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor

Instance Method Details

#for_encrypted_item ⇒ `Object`

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File 'lib/chef/encrypted_data_bag_item.rb', line 159

def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "hmac" => hmac,
    "iv" => Base64.encode64(iv),
    "version" => 2,
    "cipher" => ALGORITHM
  }
end

#hmac ⇒ `Object`

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)

# File 'lib/chef/encrypted_data_bag_item.rb', line 170

def hmac
  @hmac ||= begin
    digest = OpenSSL::Digest::Digest.new("sha256")
    raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
    Base64.encode64(raw_hmac)
  end
end