Module: Darrrr::DefaultEncryptor
- Extended by:
- Constants
- Defined in:
- lib/darrrr/cryptors/default/default_encryptor.rb
Constant Summary
Constants included from Constants
Constants::CLOCK_SKEW, Constants::COUNTERSIGNED_RECOVERY_TOKEN_TYPE, Constants::DIGEST, Constants::GROUP, Constants::PRIME_256_V1, Constants::PROTOCOL_VERSION, Constants::RECOVERY_TOKEN_TYPE, Constants::TOKEN_ID_BYTE_LENGTH, Constants::WELL_KNOWN_CONFIG_PATH
Class Method Summary collapse
-
.decrypt(ciphertext, _provider, _context = nil) ⇒ Object
Decrypts the data.
-
.encrypt(data, _provider, _context = nil) ⇒ Object
Encrypts the data in an opaque way.
-
.sign(payload, key, _provider, context = nil) ⇒ Object
payload: binary serialized recovery token (to_binary_s).
-
.verify(payload, signature, key, _provider, _context = nil) ⇒ Object
payload: token in binary form signature: signature of the binary token key: the EC public key used to verify the signature context: arbitrary data originally passed in via #unseal.
Class Method Details
.decrypt(ciphertext, _provider, _context = nil) ⇒ Object
Decrypts the data
ciphertext: the byte array to be decrypted context: arbitrary data originally passed in via RecoveryToken#decode
returns a string
24 25 26 |
# File 'lib/darrrr/cryptors/default/default_encryptor.rb', line 24 def decrypt(ciphertext, _provider, _context = nil) EncryptedData.parse(ciphertext).decrypt end |
.encrypt(data, _provider, _context = nil) ⇒ Object
Encrypts the data in an opaque way
data: the secret to be encrypted context: arbitrary data originally passed in via Provider#seal
returns a byte array representation of the data
14 15 16 |
# File 'lib/darrrr/cryptors/default/default_encryptor.rb', line 14 def encrypt(data, _provider, _context = nil) EncryptedData.build(data).to_binary_s end |
.sign(payload, key, _provider, context = nil) ⇒ Object
payload: binary serialized recovery token (to_binary_s).
key: the private EC key used to sign the token context: arbitrary data originally passed in via Provider#seal
returns signature in ASN.1 DER r + s sequence
35 36 37 38 39 |
# File 'lib/darrrr/cryptors/default/default_encryptor.rb', line 35 def sign(payload, key, _provider, context = nil) digest = DIGEST.new.digest(payload) ec = OpenSSL::PKey::EC.new(Base64.strict_decode64(key)) ec.dsa_sign_asn1(digest) end |
.verify(payload, signature, key, _provider, _context = nil) ⇒ Object
payload: token in binary form signature: signature of the binary token key: the EC public key used to verify the signature context: arbitrary data originally passed in via #unseal
returns true if signature validates the payload
47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/darrrr/cryptors/default/default_encryptor.rb', line 47 def verify(payload, signature, key, _provider, _context = nil) public_key_hex = format_key(key) pkey = OpenSSL::PKey::EC.new(GROUP) public_key_bn = OpenSSL::BN.new(public_key_hex, 16) public_key = OpenSSL::PKey::EC::Point.new(GROUP, public_key_bn) pkey.public_key = public_key pkey.verify(DIGEST.new, signature, payload) rescue OpenSSL::PKey::ECError, OpenSSL::PKey::PKeyError => e raise CryptoError, "Unable verify recovery token" end |