Class: Cryptor::SecretKey

Inherits:

Object

• Object
• Cryptor::SecretKey

Defined in:

lib/cryptor/secret_key.rb

Overview

Secret key used to encrypt plaintexts

Instance Attribute Summary

• #cipher ⇒ Object readonly

  Returns the value of attribute cipher.

Class Method Summary

• .random_key(cipher) ⇒ Cryptor::SecretKey

  Generate a random secret key.

Instance Method Summary

• #decrypt(ciphertext) ⇒ String

  Decrypt ciphertext using this key.

• #encrypt(plaintext) ⇒ String

  Encrypt a plaintext under this key.

• #fingerprint ⇒ String

  Fingerprint of this key’s secret URI.

• #initialize(uri_string) ⇒ Cryptor::SecretKey constructor

  Create a new SecretKey object from a URI.

• #inspect ⇒ String

  Inspect this key.

• #to_secret_uri ⇒ String

  Serialize SecretKey object to a URI.

Constructor Details

#initialize(uri_string) ⇒ Cryptor::SecretKey

Create a new SecretKey object from a URI

Parameters:

• uri (#to_s) —

  representing a secret key

Raises:

• (ArgumentError) —

  on invalid URIs

# File 'lib/cryptor/secret_key.rb', line 30

def initialize(uri_string)
  uri = URI.parse(uri_string.to_s)
  fail ArgumentError, "invalid scheme: #{uri.scheme}" unless uri.scheme == 'secret.key'

  components = uri.path.match(/^\/([^;]+);(.+)$/)
  fail ArgumentError, "couldn't parse cipher name from secret URI" unless components

  @cipher     = Cryptor::Cipher[components[1]]
  @secret_key = Cryptor::Encoding.decode(components[2])
end

Instance Attribute Details

#cipher ⇒ Object (readonly)

Returns the value of attribute cipher.

# File 'lib/cryptor/secret_key.rb', line 7

def cipher
  @cipher
end

Class Method Details

.random_key(cipher) ⇒ Cryptor::SecretKey

Generate a random secret key

Parameters:

• Cryptor::Cipher (Cryptor::Cipher, Symbol) —

  or algorithm name as a symbol

Returns:

• (Cryptor::SecretKey) —

  new secret key object

# File 'lib/cryptor/secret_key.rb', line 14

def self.random_key(cipher)
  cipher = Cryptor::Cipher[cipher] if cipher.is_a? Symbol
  fail ArgumentError, "invalid cipher: #{cipher.inspect}" unless cipher.is_a? Cryptor::Cipher
  bytes  = RbNaCl::Random.random_bytes(cipher.key_bytes)
  base64 = Cryptor::Encoding.encode(bytes)

  new "secret.key:///#{cipher.algorithm};#{base64}"
end

Instance Method Details

#decrypt(ciphertext) ⇒ String

Decrypt ciphertext using this key

Parameters:

• ciphertext (String) —

  string to be decrypted

Returns:

• (String) —

  plaintext decrypted from the given ciphertext

# File 'lib/cryptor/secret_key.rb', line 70

def decrypt(ciphertext)
  @cipher.decrypt(@secret_key, ciphertext)
end

#encrypt(plaintext) ⇒ String

Encrypt a plaintext under this key

Parameters:

• plaintext (String) —

  string to be encrypted

Returns:

• (String) —

  ciphertext encrypted under this key

# File 'lib/cryptor/secret_key.rb', line 61

def encrypt(plaintext)
  @cipher.encrypt(@secret_key, plaintext)
end

#fingerprint ⇒ String

Fingerprint of this key’s secret URI

Returns:

• (String) —

  fingerprint as a ni:// URL

# File 'lib/cryptor/secret_key.rb', line 51

def fingerprint
  digest = Digest::SHA256.digest(to_secret_uri)
  "ni:///sha-256;#{Cryptor::Encoding.encode(digest)}"
end

#inspect ⇒ String

Inspect this key

Returns:

• (String) —

  a string representing this key

# File 'lib/cryptor/secret_key.rb', line 77

def inspect
  "#<#{self.class}:0x#{object_id.to_s(16)} " \
  "cipher=#{cipher.algorithm} " \
  "fingerprint=#{fingerprint}>"
end

#to_secret_uri ⇒ String

Serialize SecretKey object to a URI

Returns:

• (String) —

  serialized URI representing the key

# File 'lib/cryptor/secret_key.rb', line 44

def to_secret_uri
  "secret.key:///#{@cipher.algorithm};#{Cryptor::Encoding.encode(@secret_key)}"
end