Class: Hiera::Backend::Eyaml::Encryptors::SecretBox
- Inherits:
-
Encryptor
- Object
- Encryptor
- Hiera::Backend::Eyaml::Encryptors::SecretBox
- Defined in:
- lib/hiera/backend/eyaml/encryptors/secretbox.rb
Constant Summary collapse
- VERSION =
"0.4.0"
Class Method Summary collapse
Class Method Details
.create_keys ⇒ Object
# File 'lib/hiera/backend/eyaml/encryptors/secretbox.rb', line 54
#
# Generates a new RbNaCl key pair and writes both halves, base64-encoded,
# to the paths given by the :public_key and :private_key options.
#
# The private key file is written with mode 0600 and the public key file
# with mode 0644. The mode of the containing directory and what happens when
# a key file already exists are decided inside EncryptHelper, which is not
# shown here. NOTE(review): confirm the key directory is not readable by
# other users and that an existing private key is not silently replaced.
#
# @raise [StandardError] if either key path option is unset
# @return [Object] whatever LoggingHelper.info returns
def self.create_keys
  public_path = self.option(:public_key)
  private_path = self.option(:private_key)
  raise StandardError, 'secretbox_public_key is not defined' unless public_path
  raise StandardError, 'secretbox_private_key is not defined' unless private_path

  secret = RbNaCl::PrivateKey.generate
  secret_b64 = Base64.encode64(secret.to_bytes)
  public_b64 = Base64.encode64(secret.public_key.to_bytes)

  # Private key first, then public key, each with its own file mode.
  [
    [private_path, secret_b64, 0600],
    [public_path, public_b64, 0644]
  ].each do |path, encoded, mode|
    EncryptHelper.ensure_key_dir_exists(path)
    EncryptHelper.write_important_file(:filename => path, :content => encoded, :mode => mode)
  end

  LoggingHelper.info('Keys created OK')
end
.decrypt(message) ⇒ Object
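# File 'lib/hiera/backend/eyaml/encryptors/secretbox.rb', line 39
#
# Decrypts a value in the layout produced by .encrypt: the sender's public
# key (RbNaCl::PublicKey::BYTES bytes) followed by the SimpleBox ciphertext.
#
# The sender key is read from the message itself, so a successful decrypt
# shows the ciphertext was not modified after it was boxed; it does not show
# who created it. Anyone holding the recipient public key can produce a value
# that decrypts here, so write access to the encrypted data still has to be
# controlled separately.
#
# @param message [String] raw bytes: sender public key + ciphertext
# @return [String] the decrypted plaintext
def self.decrypt(message)
  key_len = RbNaCl::PublicKey::BYTES

  # Split on byte offsets. The tail length is taken from bytesize rather than
  # the character count so a non-binary string encoding cannot shorten it.
  public_key_bin = message.byteslice(0, key_len)
  ciphertext = message.byteslice(key_len, message.bytesize)

  # Receiver's private key. private_key is defined elsewhere in this class;
  # presumably it returns the raw key bytes (confirm against its definition).
  key = RbNaCl::PrivateKey.new(private_key)

  # Sender's public key, as embedded at the front of the message. A message
  # shorter than key_len yields a short key here; presumably RbNaCl rejects
  # it on length (verify).
  pub = RbNaCl::PublicKey.new(public_key_bin)

  # Rebuild the same box the sender used and open the ciphertext.
  box = RbNaCl::SimpleBox.from_keypair(pub, key)
  box.decrypt(ciphertext)
end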
.encrypt(plaintext) ⇒ Object
# File 'lib/hiera/backend/eyaml/encryptors/secretbox.rb', line 27
#
# Encrypts +plaintext+ to the configured recipient public key.
#
# A fresh sender key pair is generated on every call. Only its public half
# leaves this method, prepended to the ciphertext so .decrypt can rebuild the
# box; the private half is a local that is never stored. Because encryption
# needs nothing but the recipient public key, the output carries no proof of
# who produced it.
#
# @param plaintext [String] the value to encrypt
# @return [String] sender public key bytes followed by the SimpleBox output
def self.encrypt(plaintext)
  # Receiver's public key (public_key is defined elsewhere in this class).
  recipient = RbNaCl::PublicKey.new(public_key)

  # One-time sender key pair for this message only.
  ephemeral = RbNaCl::PrivateKey.generate
  sender_pub_bytes = ephemeral.public_key.to_str

  sealer = RbNaCl::SimpleBox.from_keypair(recipient, ephemeral)

  # Wire format: sender public key, then ciphertext.
  sender_pub_bytes + sealer.encrypt(plaintext)
end