Class: Hide::AE
- Inherits:
-
Object
- Object
- Hide::AE
- Defined in:
- lib/hide/ae.rb
Overview
‘AE` implements authenticated encryption API based on AES-256
Class Method Summary collapse
-
.decrypt(data, key, salt, iter, iv, auth_tag, auth_data = "", key_length = 32) ⇒ Object
Decrypts an encrypted datastream with authenticity verification check.
-
.encrypt(data, key, salt, iter, iv = SecureRandom.random_bytes(12), auth_data = "", key_length = 32) ⇒ Object
Encrypts a data stream with an authenticity tag for reliable decryption.
Class Method Details
.decrypt(data, key, salt, iter, iv, auth_tag, auth_data = "", key_length = 32) ⇒ Object
Decrypts an encrypted datastream with authenticity verification check
[//]: # (TODO: investigate :reek:FeatureEnvy)
Returns the decrypted data
30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
# File 'lib/hide/ae.rb', line 30 def decrypt( data, key, salt, iter, iv, auth_tag, auth_data = "", key_length = 32 ) decipher = OpenSSL::Cipher.new "aes-256-gcm" decipher.decrypt decipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(key, salt, iter, key_length) decipher.iv = iv decipher.auth_tag = auth_tag decipher.auth_data = auth_data decipher.update(data) + decipher.final rescue OpenSSL::Cipher::CipherError raise ArgumentError, "Authentication failed" end |
.encrypt(data, key, salt, iter, iv = SecureRandom.random_bytes(12), auth_data = "", key_length = 32) ⇒ Object
Encrypts a data stream with an authenticity tag for reliable decryption
Returns a hash containing encrypted data, IV and authentication tag
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'lib/hide/ae.rb', line 8 def encrypt( data, key, salt, iter, iv = SecureRandom.random_bytes(12), auth_data = "", key_length = 32 ) cipher = OpenSSL::Cipher.new "aes-256-gcm" cipher.encrypt cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(key, salt, iter, key_length) cipher.iv = iv cipher.auth_data = auth_data { data: cipher.update(data) + cipher.final, iv: iv, auth_tag: cipher.auth_tag } end |