Class: Lockbox::Box

Inherits:
Object
  • Object
Defined in:
lib/lockbox/box.rb

Instance Method Summary

Constructor Details

#initialize(key: nil, algorithm: nil, encryption_key: nil, decryption_key: nil) ⇒ Box

Returns a new instance of Box.

Raises:

  • (ArgumentError)


# File 'lib/lockbox/box.rb', line 5

# Builds a box for one of the supported algorithms.
#
# Every key that is given is first passed through Lockbox::Utils.decode_key
# (defined outside this listing). The backend library for the chosen
# algorithm is required lazily, only after the key presence check passes.
#
# @param key [String, nil] symmetric key for "aes-gcm", "xchacha20" and "xsalsa20"
# @param algorithm [String, nil] "aes-gcm" (used when nil), "xchacha20", "xsalsa20" or "hybrid"
# @param encryption_key [String, nil] key used by #encrypt in "hybrid" mode
# @param decryption_key [String, nil] key used by #decrypt in "hybrid" mode
# @raise [ArgumentError] when a symmetric key is combined with a hybrid key,
#   when the key required by the algorithm is missing, or when the algorithm
#   name is not recognised
def initialize(key: nil, algorithm: nil, encryption_key: nil, decryption_key: nil)
  # A box is either symmetric (key) or hybrid (encryption/decryption key), never both.
  if key && (encryption_key || decryption_key)
    raise ArgumentError, "Cannot pass both key and public/private key"
  end

  key &&= Lockbox::Utils.decode_key(key)
  encryption_key &&= Lockbox::Utils.decode_key(encryption_key)
  decryption_key &&= Lockbox::Utils.decode_key(decryption_key)

  algorithm ||= "aes-gcm"

  case algorithm
  when "aes-gcm"
    raise ArgumentError, "Missing key" unless key
    require "lockbox/aes_gcm"
    @box = AES_GCM.new(key)
  when "xchacha20"
    raise ArgumentError, "Missing key" unless key
    require "rbnacl"
    @box = RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
  when "xsalsa20"
    raise ArgumentError, "Missing key" unless key
    require "rbnacl"
    @box = RbNaCl::SecretBoxes::XSalsa20Poly1305.new(key)
  when "hybrid"
    raise ArgumentError, "Missing key" unless encryption_key || decryption_key
    require "rbnacl"
    # Each hybrid key is split at byte 32 and the two parts are handed to the
    # Curve25519 box constructor; the parts are passed in opposite order for
    # encryption and decryption.
    # NOTE(review): the decoded key length is not checked here; a short key is
    # presumably rejected by RbNaCl itself - confirm.
    if encryption_key
      leading = encryption_key.slice(0, 32)
      trailing = encryption_key.slice(32..-1)
      @encryption_box = RbNaCl::Boxes::Curve25519XSalsa20Poly1305.new(leading, trailing)
    end
    if decryption_key
      trailing = decryption_key.slice(32..-1)
      leading = decryption_key.slice(0, 32)
      @decryption_box = RbNaCl::Boxes::Curve25519XSalsa20Poly1305.new(trailing, leading)
    end
  else
    raise ArgumentError, "Unknown algorithm: #{algorithm}"
  end

  @algorithm = algorithm
end

Instance Method Details

#decrypt(ciphertext, associated_data: nil) ⇒ Object



# File 'lib/lockbox/box.rb', line 56

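# Decrypts a value produced by #encrypt.
#
# The nonce is separated from the input by extract_nonce (a helper defined
# outside this listing) and the remainder is handed to the underlying box.
#
# @param ciphertext [String] nonce followed by the encrypted payload
# @param associated_data [String, nil] additional authenticated data; only the
#   algorithms handled by the final branch accept it
# @return [Object] whatever the underlying box returns for the decrypted payload
# @raise [ArgumentError] when no decryption key was configured for "hybrid",
#   or when associated data is passed to "hybrid" or "xsalsa20"
def decrypt(ciphertext, associated_data: nil)
  case @algorithm
  when "hybrid"
    raise ArgumentError, "No private key set" unless @decryption_box
    raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
    nonce, ciphertext = extract_nonce(@decryption_box, ciphertext)
    @decryption_box.decrypt(nonce, ciphertext)
  when "xsalsa20"
    # This branch never passes associated data to the box, so accepting it
    # would let a caller believe the context had been verified when it was
    # ignored. Reject it, as the hybrid branch does.
    raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
    nonce, ciphertext = extract_nonce(@box, ciphertext)
    @box.decrypt(nonce, ciphertext)
  else
    nonce, ciphertext = extract_nonce(@box, ciphertext)
    @box.decrypt(nonce, ciphertext, associated_data)
  end
end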

#encrypt(message, associated_data: nil) ⇒ Object



# File 'lib/lockbox/box.rb', line 39

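# Encrypts +message+ under a nonce obtained from generate_nonce (a helper
# defined outside this listing) and returns the nonce followed by the
# ciphertext.
#
# @param message [String] plaintext to encrypt
# @param associated_data [String, nil] additional authenticated data; only the
#   algorithms handled by the final branch accept it
# @return [String] nonce + ciphertext
# @raise [ArgumentError] when no encryption key was configured for "hybrid",
#   or when associated data is passed to "hybrid" or "xsalsa20"
def encrypt(message, associated_data: nil)
  case @algorithm
  when "hybrid"
    raise ArgumentError, "No public key set" unless @encryption_box
    raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
    nonce = generate_nonce(@encryption_box)
    ciphertext = @encryption_box.encrypt(nonce, message)
  when "xsalsa20"
    # This branch never passes associated data to the box, so accepting it
    # would produce a ciphertext that is not bound to the caller's context
    # while the caller assumes it is. Reject it, as the hybrid branch does.
    raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
    nonce = generate_nonce(@box)
    ciphertext = @box.encrypt(nonce, message)
  else
    nonce = generate_nonce(@box)
    ciphertext = @box.encrypt(nonce, message, associated_data)
  end
  # The nonce is prepended so that the result carries it alongside the ciphertext.
  nonce + ciphertext
end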

#inspect ⇒ Object

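Protects the key for xchacha20 and hybrid: returning to_s keeps the default inspect output, which would list the instance variables that hold the key, out of logs and consoles.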



# File 'lib/lockbox/box.rb', line 73

# Returns the same string as #to_s.
#
# Ruby's default #inspect prints an object's instance variables; overriding it
# keeps the objects stored on the box from being dumped into logs, consoles
# or error reports.
#
# @return [String] the #to_s representation of the box
def inspect
  self.to_s
end