Class: Hydan::Crypto::KMS::DecryptionHelper

Inherits:
Object
Includes:
Hydan::Crypto
Defined in:
lib/hydan/crypto/kms/decrypt.rb

Constant Summary

Constants included from Hydan::Crypto

DEFAULT_CIPHER

Instance Method Summary

Constructor Details

#initialize ⇒ DecryptionHelper

Returns a new instance of DecryptionHelper.



# File 'lib/hydan/crypto/kms/decrypt.rb', line 10

def initialize
  @kms = Aws::KMS::Client.new
end

Instance Method Details

#decrypt(json) ⇒ String

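Decrypts a JSON object that carries a Base64-encoded, KMS-encrypted data key (data_key) and a Gibberish payload (ciphertext).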

Returns:

  • (String)

# File 'lib/hydan/crypto/kms/decrypt.rb', line 16

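def decrypt(json)
  input_hash = JSON.parse(json)
  # The data key is stored Base64-encoded and encrypted under a KMS key
  data_key = Base64.strict_decode64(input_hash['data_key'])
  # KMS unwraps the data key and returns it in plaintext
  plaintext_key = @kms.decrypt(:ciphertext_blob => data_key).plaintext
  cipher = Gibberish::AES.new(plaintext_key)
  # Gibberish takes its payload as a JSON string, so re-serialize it
  plaintext = cipher.decrypt(JSON.generate(input_hash['ciphertext']))
  plaintext
end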

#decrypt_env_file(env_body) ⇒ String

Decrypts an env-formatted text string. A file is considered to be env-formatted when:

  • Each line consists of a K=V pair

  • Each V is a JSON string that contains a Gibberish payload (ciphertext, IV, salt, etc.) and the encrypted data key that was used to encrypt the ciphertext

Returns:

  • (String)

# File 'lib/hydan/crypto/kms/decrypt.rb', line 32

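def decrypt_env_file(env_body)
  new_text = []
  env_body.each_line do |l|
    # match returns nil for a line that does not fit ENV_LINE_REGEX,
    # so such a line raises NoMethodError on .captures
    k, v = l.match(Hydan::IO::ENV_LINE_REGEX).captures
    # Each value is its own envelope, so this makes one KMS call per line
    dec_v = decrypt(v)
    new_text << "#{k}=#{dec_v}"
  end
  # Decrypted "K=V" lines, in input order
  new_text
end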
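
A pre-flight check for the env format described above, as an added example (not Hydan's own code): it reports malformed lines by number before any KMS call, where decrypt_env_file as listed raises on a line that does not match. ENV_LINE is an assumed stand-in for Hydan::IO::ENV_LINE_REGEX, the iv and salt key names are assumed from the Gibberish payload description, check_env_body is a hypothetical name, and the sample values are constructed.

```ruby
require 'json'
require 'base64'

# Assumed stand-in for Hydan::IO::ENV_LINE_REGEX, which this page does not show.
ENV_LINE = /\A([A-Za-z_][A-Za-z0-9_]*)=(.*)\z/

# Constructed sample: placeholder values, not real KMS or Gibberish output.
SAMPLE = <<~ENV
  DB_PASS={"data_key":"#{Base64.strict_encode64('fake-key-blob')}","ciphertext":{"iv":"AAAA","salt":"BBBB","ct":"CCCC"}}

  export BROKEN
  API_KEY={"data_key":"not base64!","ciphertext":{"iv":"AAAA","salt":"BBBB"}}
  TOKEN={"data_key":"AAAA","ciphertext":"flat string"}
ENV

# Returns [entries, errors]: entries maps K to its parsed envelope, errors
# holds "line N: reason" strings. Nothing here contacts KMS or decrypts.
def check_env_body(env_body)
  entries = {}
  errors = []
  env_body.each_line.with_index(1) do |raw, n|
    line = raw.chomp
    next if line.strip.empty?
    m = ENV_LINE.match(line)
    unless m
      errors << "line #{n}: not a K=V pair"
      next
    end
    key, value = m.captures
    begin
      envelope = JSON.parse(value)
      raise ArgumentError, 'value is not a JSON object' unless envelope.is_a?(Hash)
      raise ArgumentError, 'data_key is not a string' unless envelope['data_key'].is_a?(String)
      Base64.strict_decode64(envelope['data_key']) # raises ArgumentError if malformed
      payload = envelope['ciphertext']
      raise ArgumentError, 'ciphertext is not a JSON object' unless payload.is_a?(Hash)
      missing = %w[iv salt] - payload.keys
      raise ArgumentError, "ciphertext lacks #{missing.join(', ')}" unless missing.empty?
      entries[key] = envelope
    rescue JSON::ParserError
      errors << "line #{n}: value is not valid JSON"
    rescue ArgumentError => e
      errors << "line #{n}: #{e.message}"
    end
  end
  [entries, errors]
end
```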