Module: EDB::Cryptography::AES_256_CBC

Defined in:
lib/edb/cryptography/aes_256_cbc.rb


Class Method Details

.decrypt(ciphered_data) ⇒ Object



# File 'lib/edb/cryptography/aes_256_cbc.rb', line 50

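# Verifies and decrypts a blob in the layout that encrypt in this module
# writes: AES-256-CBC ciphertext, then the 16-byte IV, then a 32-byte
# HMAC-SHA256 tag computed over everything that precedes it.
#
# The tag is compared before the IV is read and before any block is
# decrypted, so modified input is rejected without ever reaching the CBC
# padding check. Keep that order when changing this method.
#
# NOTE(review): slice_str! is defined elsewhere; from its use here it is
# presumed to remove the trailing n bytes from ciphered_data and return them,
# which would mean the caller's string is modified in place. Confirm against
# its definition and pass a copy if the original is still needed.
#
# NOTE(review): String#length counts characters, so the 64-byte minimum
# (16 bytes of ciphertext + 16-byte IV + 32-byte tag) only holds for a binary
# string. Presumably callers read the file in binary mode; verify.
#
# NOTE(review): HKDF is built from the configured secret alone; no salt or
# info argument is visible here, so the derived keys look identical for every
# message. Confirm against the HKDF library's defaults.
#
# @param ciphered_data [String] ciphertext || IV || tag
# @return [String] the recovered plaintext
# @raise [RuntimeError] when the input is too short or the tag does not match
# @raise [OpenSSL::Cipher::CipherError] when the final block cannot be decrypted
def decrypt(ciphered_data)
  # `filename` is neither a parameter nor a local of this method, so
  # interpolating it raised NameError unless the receiver defines such a method
  # (none is shown). The guard also fires for short, non-empty input, hence the
  # wording. Callers that know the path can add it to the message themselves.
  raise 'Cannot decrypt: data is empty or truncated' if ciphered_data.length < 64

  decipher = OpenSSL::Cipher.new('AES-256-CBC')
  decipher.decrypt

  received_tag = slice_str!(ciphered_data, 32)

  # Keys are drawn in the same order as in encrypt: cipher key first, MAC key second.
  hkdf = HKDF.new(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret])
  decipher.key       = hkdf.next_bytes(32)
  authentication_key = hkdf.next_bytes(64)

  # Recompute the tag over what is left (ciphertext || IV) and compare it with
  # FastSecureCompare rather than ==, as the original code does.
  expected_tag = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), authentication_key, ciphered_data)
  raise 'Authentication failed.' unless FastSecureCompare.compare(received_tag, expected_tag)

  decipher.iv = slice_str!(ciphered_data, 16)

  decipher.update(ciphered_data) + decipher.final
end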

.encrypt(data) ⇒ Object



# File 'lib/edb/cryptography/aes_256_cbc.rb', line 32

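# Encrypts data with AES-256-CBC and authenticates the result
# (encrypt-then-MAC).
#
# Output layout, in order: ciphertext, 16-byte IV, 32-byte HMAC-SHA256 tag.
# The tag covers the ciphertext and the IV, so decrypt can reject a modified
# blob before it touches the cipher.
#
# NOTE(review): HKDF is built from the configured secret alone; no salt or
# info argument is visible here, so the cipher key and MAC key look identical
# for every message and per-message uniqueness rests on the random IV.
# Confirm against the HKDF library's defaults.
#
# @param data [String] plaintext; must not be empty
# @return [String] ciphertext || IV || tag
# @raise [RuntimeError] when data is empty
def encrypt(data)
  # `filename` is neither a parameter nor a local of this method, so
  # interpolating it raised NameError unless the receiver defines such a method
  # (none is shown). Callers that know the path can add it to the message.
  raise "Cannot encrypt: It's empty" if data.empty?

  cipher = OpenSSL::Cipher.new('AES-256-CBC')
  cipher.encrypt

  # Two independent keys from one secret: 32 bytes for the cipher, 64 for the MAC.
  hkdf = HKDF.new(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret])
  cipher.key         = hkdf.next_bytes(32)
  authentication_key = hkdf.next_bytes(64)

  # random_iv generates a fresh IV and installs it on the cipher, so no
  # separate cipher.iv= assignment is needed.
  iv = cipher.random_iv

  ciphered_data = cipher.update(data) + cipher.final
  ciphered_data << iv

  authentication = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), authentication_key, ciphered_data)
  ciphered_data << authentication
end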