Class: ComplexConfig::Encryption

Inherits:
Object
  • Object
Defined in:
lib/complex_config/encryption.rb

Instance Method Summary collapse

Constructor Details

#initialize(secret) ⇒ Encryption

Returns a new instance of Encryption.



# File 'lib/complex_config/encryption.rb', line 5

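# Builds an AES-128-GCM encryptor/decryptor bound to +secret+.
#
# @param secret [String] the raw AES-128 key, exactly 16 bytes long
# @raise [ComplexConfig::EncryptionKeyInvalid] if +secret+ is not a 16-byte
#   string-like value (this now includes nil, which used to surface as
#   NoMethodError)
def initialize(secret)
  # Count bytes rather than characters: the cipher key is a byte string, so
  # a 16-character key containing multi-byte characters is not a valid
  # AES-128 key even though String#size reports 16.
  unless secret.respond_to?(:bytesize) && secret.bytesize == 16
    # The key is deliberately kept out of the message. Exception messages
    # end up in logs and error trackers, and echoing the rejected value
    # there would disclose key material.
    raise ComplexConfig::EncryptionKeyInvalid,
      "encryption key must be 16 bytes"
  end
  @secret = secret
  @cipher = OpenSSL::Cipher.new('aes-128-gcm')
end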

Instance Method Details

#decrypt(text) ⇒ Object



# File 'lib/complex_config/encryption.rb', line 28

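# Decrypts a token in the format produced by #encrypt and returns the
# reconstructed object.
#
# The token consists of three '--'-separated fields, each passed through
# base64_decode (defined elsewhere in this class): ciphertext, IV and GCM
# authentication tag, in that order.
#
# @param text [String] the encoded token
# @return [Object] whatever Marshal.load rebuilds from the plaintext
# @raise [ComplexConfig::DecryptionFailed] if a field is missing or has the
#   wrong length, or if GCM authentication fails
def decrypt(text)
  encrypted, iv, auth_tag = text.split('--').map { |v| base64_decode(v) }

  # Insist on the full 16-byte tag so a shortened tag is never handed to
  # the cipher.
  if auth_tag.nil? || auth_tag.bytesize != 16
    raise ComplexConfig::DecryptionFailed, "auth_tag was invalid"
  end

  # Reject a malformed IV here: Cipher#iv= raises ArgumentError for a
  # wrong-length IV, which the rescue clause below does not cover, so a
  # corrupted token would otherwise escape as a non-DecryptionFailed error.
  if iv.nil? || iv.bytesize != @cipher.iv_len
    raise ComplexConfig::DecryptionFailed, "iv was invalid"
  end

  # Marshal.dump never yields an empty string, so an empty ciphertext is
  # always malformed; Cipher#update can also raise ArgumentError on empty
  # input.
  if encrypted.nil? || encrypted.empty?
    raise ComplexConfig::DecryptionFailed, "ciphertext was invalid"
  end

  @cipher.decrypt
  @cipher.key = @secret
  @cipher.iv  = iv
  @cipher.auth_tag = auth_tag
  @cipher.auth_data = ""

  decrypted_data = @cipher.update(encrypted)
  # final verifies the GCM tag and raises CipherError on mismatch, so the
  # plaintext below is only reached for authenticated input.
  decrypted_data << @cipher.final

  # NOTE(security): Marshal.load can instantiate arbitrary objects. It runs
  # only after the GCM tag has verified, so its safety rests entirely on the
  # key staying secret: anyone who holds the key can supply a payload that
  # is deserialized here. A data-only format (e.g. JSON) would remove that
  # dependency; left unchanged to stay compatible with existing tokens.
  Marshal.load(decrypted_data)
rescue OpenSSL::Cipher::CipherError
  raise ComplexConfig::DecryptionFailed, "decryption failed with this key"
end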

#encrypt(text) ⇒ Object



# File 'lib/complex_config/encryption.rb', line 12

# Serializes +text+ with Marshal.dump, encrypts it with AES-128-GCM under
# @secret, and returns a printable token.
#
# A fresh IV is drawn from Cipher#random_iv on every call, so the same key
# is not paired with a repeated IV by this method. The token is the
# ciphertext, the IV and the GCM authentication tag, each run through
# base64_encode (defined elsewhere in this class) and joined with '--'.
#
# @param text [Object] any value Marshal.dump accepts
# @return [String] "ciphertext--iv--auth_tag", each field encoded
def encrypt(text)
  @cipher.encrypt
  @cipher.key = @secret
  nonce = @cipher.random_iv
  # No additional authenticated data is bound to the token.
  @cipher.auth_data = ""

  serialized = Marshal.dump(text)
  ciphertext = @cipher.update(serialized) << @cipher.final
  # The tag is only available once final has been called.
  tag = @cipher.auth_tag

  [ciphertext, nonce, tag].map { |part| base64_encode(part) }.join('--')
end