Class: Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

Inherits:
Version1Encryptor
Defined in:
lib/chef/encrypted_data_bag_item/encryptor.rb

Instance Attribute Summary

Attributes inherited from Version1Encryptor

#key, #plaintext_data

Class Method Summary

Instance Method Summary

Methods inherited from Version1Encryptor

#algorithm, #encrypted_data, #initialize, #iv, #openssl_encryptor, #serialized_data

Methods included from Assertions

#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!

Constructor Details

This class inherits a constructor from Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor

Class Method Details

.encryptor_keys ⇒ Object


# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 157

def self.encryptor_keys
  super + %w{ hmac }
end

Instance Method Details

#for_encrypted_item ⇒ Object

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.


# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 138

def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "hmac" => hmac,
    "iv" => Base64.encode64(iv),
    "version" => 2,
    "cipher" => algorithm,
  }
end

#hmac ⇒ Object

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)


# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 149

def hmac
  @hmac ||= begin
    digest = OpenSSL::Digest.new("sha256")
    raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
    Base64.encode64(raw_hmac)
  end
end
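
The consuming side of the encrypt-then-MAC format produced by #for_encrypted_item and #hmac, as an added example (not code from Chef or from this page): recompute the tag over encrypted_data, compare in constant time, and decrypt only if it matches. The helper names, the AES-256-CBC cipher, the SHA-256 key derivation and the json_wrapper envelope are assumptions made so the example runs on its own.

```ruby
require "openssl"
require "base64"
require "json"

# Assumptions (not on this page): AES-256-CBC, cipher key = SHA-256(secret),
# plaintext wrapped as {"json_wrapper": value}. As in #hmac above, the tag is
# keyed with the secret and covers the Base64 text of encrypted_data only;
# iv, cipher and version are not under the tag.
CIPHER = "aes-256-cbc"

def v2_tag(secret, encrypted_data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, encrypted_data)
end

# Hypothetical helper: builds a hash shaped like #for_encrypted_item's result.
def build_v2_item(secret, value)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = OpenSSL::Digest.digest("SHA256", secret)
  iv = c.random_iv
  data = Base64.encode64(c.update(JSON.generate({ "json_wrapper" => value })) + c.final)
  { "encrypted_data" => data, "hmac" => Base64.encode64(v2_tag(secret, data)),
    "iv" => Base64.encode64(iv), "version" => 2, "cipher" => CIPHER }
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hmac_valid?(secret, item)
  given = Base64.decode64(item["hmac"].to_s)
  secure_equal?(given, v2_tag(secret, item["encrypted_data"].to_s))
end

# Verify first, decrypt second: unauthenticated ciphertext never reaches the cipher.
def open_v2_item(secret, item)
  raise ArgumentError, "unsupported version" unless item["version"] == 2
  raise ArgumentError, "unexpected cipher" unless item["cipher"] == CIPHER
  raise ArgumentError, "HMAC mismatch" unless hmac_valid?(secret, item)
  c = OpenSSL::Cipher.new(CIPHER).decrypt
  c.key = OpenSSL::Digest.digest("SHA256", secret)
  c.iv = Base64.decode64(item["iv"])
  plain = c.update(Base64.decode64(item["encrypted_data"])) + c.final
  JSON.parse(plain.force_encoding("UTF-8"))["json_wrapper"]
end
```

Because the tag is computed over encrypted_data alone, a verifier that also depends on iv, cipher or version has to validate those fields by other means, as open_v2_item does for cipher and version.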