Class: ComplexConfig::Encryption

Inherits:

Object

• Object
• ComplexConfig::Encryption

Defined in:

lib/complex_config/encryption.rb

Overview

A class that provides encryption and decryption services using AES-128-GCM

This class handles the encryption and decryption of configuration data using OpenSSL’s AES-128-GCM cipher mode. It manages the encryption key validation, initialization vector generation, and authentication tag handling required for secure encrypted communication.

See Also:

• EncryptionError
• EncryptionKeyInvalid
• DecryptionFailed

Instance Method Summary

• #decrypt(text) ⇒ Object

  The decrypt method decodes encrypted text using AES-128-GCM decryption.

• #encrypt(text) ⇒ String

  The encrypt method encodes text using AES-128-GCM encryption.

• #initialize(secret) ⇒ Encryption constructor

  Initializes a new encryption instance with the specified secret key.

Constructor Details

#initialize(secret) ⇒ Encryption

Initializes a new encryption instance with the specified secret key

This method sets up the encryption object by validating the secret key length and preparing the OpenSSL cipher for AES-128-GCM encryption operations

Raises:

• (ComplexConfig::EncryptionKeyInvalid) —

  if the secret key is not exactly 16 bytes in length

# File 'lib/complex_config/encryption.rb', line 25

def initialize(secret)
  @secret = secret
  @secret.size != 16 and raise ComplexConfig::EncryptionKeyInvalid,
    "encryption key #{@secret.inspect} must be 16 bytes"
  @cipher = OpenSSL::Cipher.new('aes-128-gcm')
end

Instance Method Details

#decrypt(text) ⇒ Object

The decrypt method decodes encrypted text using AES-128-GCM decryption

Raises:

• (ComplexConfig::DecryptionFailed) —

  if the authentication tag is invalid or decryption fails with the provided key

# File 'lib/complex_config/encryption.rb', line 70

def decrypt(text)
  encrypted, iv, auth_tag = text.split('--').map { |v| base64_decode(v) }

  auth_tag.nil? || auth_tag.bytes.length != 16 and
    raise ComplexConfig::DecryptionFailed, "auth_tag was invalid"

  @cipher.decrypt
  @cipher.key = @secret
  @cipher.iv  = iv
  @cipher.auth_tag = auth_tag
  @cipher.auth_data = ""

  decrypted_data = @cipher.update(encrypted)
  decrypted_data << @cipher.final

  Marshal.load(decrypted_data)
rescue OpenSSL::Cipher::CipherError
  raise ComplexConfig::DecryptionFailed, "decryption failed with this key"
end

#encrypt(text) ⇒ String

The encrypt method encodes text using AES-128-GCM encryption

This method takes a text input and encrypts it using the OpenSSL cipher configured with AES-128-GCM mode. It generates a random initialization vector and authentication tag, then combines the encrypted data, IV, and auth tag into a base64-encoded string separated by ‘–’

encryption

# File 'lib/complex_config/encryption.rb', line 45

def encrypt(text)
  @cipher.encrypt
  @cipher.key = @secret
  iv = @cipher.random_iv
  @cipher.auth_data = ""

  encrypted = @cipher.update(Marshal.dump(text))
  encrypted << @cipher.final

  [
    encrypted,
    iv,
    @cipher.auth_tag
  ].map { |v| base64_encode(v) }.join('--')
end