Class: Desviar::EncryptedItem::Encryptor::Version1Encryptor

Inherits:

Object

• Object
• Desviar::EncryptedItem::Encryptor::Version1Encryptor

Defined in:

lib/encrypt.rb

Direct Known Subclasses

Version2Encryptor

Instance Attribute Summary

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #plaintext_data ⇒ Object readonly

  Returns the value of attribute plaintext_data.

Instance Method Summary

• #encrypted_data ⇒ Object

  Encrypts and Base64 encodes serialized_data.

• #for_encrypted_item ⇒ Object

  Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

• #initialize(plaintext_data, key, iv = nil) ⇒ Version1Encryptor constructor

  Create a new Encryptor for data, which will be encrypted with the given key.

• #iv ⇒ Object

  Generates or returns the IV.

• #openssl_encryptor ⇒ Object

  Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.

• #serialized_data ⇒ Object

  Wraps the data in a single key Hash (JSON Object) and converts to JSON.

Constructor Details

#initialize(plaintext_data, key, iv = nil) ⇒ Version1Encryptor

Create a new Encryptor for data, which will be encrypted with the given key.

Arguments:

• data: An object of any type that can be serialized to json

• key: A String representing the desired passphrase

• iv: The optional iv parameter is intended for testing use only. When

not supplied, Encryptor will use OpenSSL to generate a secure random IV, which is what you want.

# File 'lib/encrypt.rb', line 100

def initialize(plaintext_data, key, iv=nil)
  @plaintext_data = plaintext_data
  @key = key
  @iv = iv && Base64.decode64(iv)
end

Instance Attribute Details

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/encrypt.rb', line 88

def key
  @key
end

#plaintext_data ⇒ Object (readonly)

Returns the value of attribute plaintext_data.

# File 'lib/encrypt.rb', line 89

def plaintext_data
  @plaintext_data
end

Instance Method Details

#encrypted_data ⇒ Object

Encrypts and Base64 encodes serialized_data

# File 'lib/encrypt.rb', line 139

def encrypted_data
  @encrypted_data ||= begin
    enc_data = openssl_encryptor.update(serialized_data)
    enc_data << openssl_encryptor.final
    Base64.encode64(enc_data)
  end
end

#for_encrypted_item ⇒ Object

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File 'lib/encrypt.rb', line 108

def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "iv" => Base64.encode64(iv),
    "version" => 1,
    "cipher" => ALGORITHM
  }
end

#iv ⇒ Object

Generates or returns the IV.

# File 'lib/encrypt.rb', line 118

def iv
  # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
  # This gets generated when +openssl_encryptor+ gets created.
  openssl_encryptor if @iv.nil?
  @iv
end

#openssl_encryptor ⇒ Object

Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.

# File 'lib/encrypt.rb', line 127

def openssl_encryptor
  @openssl_encryptor ||= begin
    encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
    encryptor.encrypt
    @iv ||= encryptor.random_iv
    encryptor.iv = @iv
    encryptor.key = Digest::SHA256.digest(key)
    encryptor
  end
end

#serialized_data ⇒ Object

Wraps the data in a single key Hash (JSON Object) and converts to JSON. The wrapper is required because we accept values (such as Integers or Strings) that do not produce valid JSON when serialized without the wrapper.

# File 'lib/encrypt.rb', line 151

def serialized_data
  Yajl::Encoder.encode(:json_wrapper => plaintext_data)
end