Class: Desviar::EncryptedItem::Encryptor::Version1Encryptor
- Inherits: Object
  - Object
  - Desviar::EncryptedItem::Encryptor::Version1Encryptor
- Defined in: lib/encrypt.rb
Direct Known Subclasses
Instance Attribute Summary
- #key ⇒ Object (readonly)
  Returns the value of attribute key.
- #plaintext_data ⇒ Object (readonly)
  Returns the value of attribute plaintext_data.
Instance Method Summary
- #encrypted_data ⇒ Object
  Encrypts and Base64 encodes serialized_data.
- #for_encrypted_item ⇒ Object
  Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
- #initialize(plaintext_data, key, iv = nil) ⇒ Version1Encryptor (constructor)
  Create a new Encryptor for data, which will be encrypted with the given key.
- #iv ⇒ Object
  Generates or returns the IV.
- #openssl_encryptor ⇒ Object
  Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.
- #serialized_data ⇒ Object
  Wraps the data in a single key Hash (JSON Object) and converts to JSON.
Constructor Details
#initialize(plaintext_data, key, iv = nil) ⇒ Version1Encryptor
Create a new Encryptor for data, which will be encrypted with the given key.
Arguments:
- data: An object of any type that can be serialized to JSON
- key: A String representing the desired passphrase
- iv: The optional iv parameter is intended for testing use only. When not supplied, Encryptor will use OpenSSL to generate a secure random IV, which is what you want.
    # File 'lib/encrypt.rb', line 100
    def initialize(plaintext_data, key, iv=nil)
      @plaintext_data = plaintext_data
      @key = key
      @iv = iv && Base64.decode64(iv)
    end
Instance Attribute Details
#key ⇒ Object (readonly)
Returns the value of attribute key.
    # File 'lib/encrypt.rb', line 88
    def key
      @key
    end
#plaintext_data ⇒ Object (readonly)
Returns the value of attribute plaintext_data.
    # File 'lib/encrypt.rb', line 89
    def plaintext_data
      @plaintext_data
    end
Instance Method Details
#encrypted_data ⇒ Object
Encrypts and Base64 encodes serialized_data
    # File 'lib/encrypt.rb', line 139
    def encrypted_data
      @encrypted_data ||= begin
        enc_data = openssl_encryptor.update(serialized_data)
        enc_data << openssl_encryptor.final
        Base64.encode64(enc_data)
      end
    end
#for_encrypted_item ⇒ Object
Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

    # File 'lib/encrypt.rb', line 108
    def for_encrypted_item
      {
        "encrypted_data" => encrypted_data,
        "iv" => Base64.encode64(iv),
        "version" => 1,
        "cipher" => ALGORITHM
      }
    end
#iv ⇒ Object
Generates or returns the IV.
    # File 'lib/encrypt.rb', line 118
    def iv
      # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
      # This gets generated when +openssl_encryptor+ gets created.
      openssl_encryptor if @iv.nil?
      @iv
    end
#openssl_encryptor ⇒ Object
Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.
    # File 'lib/encrypt.rb', line 127
    def openssl_encryptor
      @openssl_encryptor ||= begin
        encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
        encryptor.encrypt
        @iv ||= encryptor.random_iv
        encryptor.iv = @iv
        encryptor.key = Digest::SHA256.digest(key)
        encryptor
      end
    end
#serialized_data ⇒ Object
Wraps the data in a single key Hash (JSON Object) and converts to JSON. The wrapper is required because we accept values (such as Integers or Strings) that do not produce valid JSON when serialized without the wrapper.
    # File 'lib/encrypt.rb', line 151
    def serialized_data
      Yajl::Encoder.encode(:json_wrapper => plaintext_data)
    end
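
A round trip through the version 1 wrapper documented above, as an added example that is not Desviar's own code. It shows how a reader reverses each step and why a fixed iv belongs in tests only. Assumptions: ALGORITHM is aes-256-cbc (its value is not shown on this page), stdlib JSON stands in for Yajl, and `ASSUMED_ALGORITHM`, `v1_encrypt` and `v1_decrypt` are hypothetical names.

```ruby
require 'openssl'
require 'digest'
require 'json'

# Assumption: the page does not show ALGORITHM; aes-256-cbc is assumed because
# the key is a 32-byte SHA-256 digest of the passphrase.
ASSUMED_ALGORITHM = 'aes-256-cbc'

# Mirrors the steps of Version1Encryptor#for_encrypted_item. pack('m') produces
# the same output as Base64.encode64; unpack1('m') matches Base64.decode64.
def v1_encrypt(plaintext_data, passphrase, iv_b64 = nil)
  cipher = OpenSSL::Cipher.new(ASSUMED_ALGORITHM)
  cipher.encrypt
  cipher.key = Digest::SHA256.digest(passphrase)
  # A caller-supplied IV is for tests only; otherwise OpenSSL picks a random one.
  iv = iv_b64 ? iv_b64.unpack1('m') : cipher.random_iv
  cipher.iv = iv
  # The wrapper lets bare values such as 42 or "abc" serialize to valid JSON.
  json = JSON.generate({ 'json_wrapper' => plaintext_data })
  ciphertext = cipher.update(json) + cipher.final
  { 'encrypted_data' => [ciphertext].pack('m'), 'iv' => [iv].pack('m'),
    'version' => 1, 'cipher' => ASSUMED_ALGORITHM }
end

# Hypothetical reader for the same wrapper: checks the metadata fields, then
# undoes Base64, the cipher and the json_wrapper in that order.
def v1_decrypt(item, passphrase)
  raise ArgumentError, 'unsupported version' unless item['version'] == 1
  raise ArgumentError, 'unexpected cipher' unless item['cipher'] == ASSUMED_ALGORITHM
  cipher = OpenSSL::Cipher.new(ASSUMED_ALGORITHM)
  cipher.decrypt
  cipher.key = Digest::SHA256.digest(passphrase)
  cipher.iv = item['iv'].unpack1('m')
  json = cipher.update(item['encrypted_data'].unpack1('m')) + cipher.final
  JSON.parse(json.force_encoding('UTF-8'))['json_wrapper']
end

if __FILE__ == $PROGRAM_NAME
  item = v1_encrypt({ 'password' => 'constructed-sample' }, 'passphrase')
  puts item.keys.inspect            # the four wrapper fields
  puts v1_decrypt(item, 'passphrase').inspect
  # With a fixed IV, equal plaintexts give equal ciphertexts, which reveals
  # when two items hold the same value.
  fixed = ["\x00" * 16].pack('m')   # constructed test IV
  puts v1_encrypt('same', 'pw', fixed) == v1_encrypt('same', 'pw', fixed)
end
```

The version 1 wrapper carries no MAC, so a successful decrypt does not show that the stored item was left unmodified.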