Class: McAPI::Encryption::JweCrypto
- Inherits:
-
Object
- Object
- McAPI::Encryption::JweCrypto
- Defined in:
- lib/mcapi/encryption/crypto/jwe-crypto.rb
Overview
The JWE Crypto class provides RSA/AES encrypt/decrypt methods.
Instance Method Summary
-
#decrypt_data(encrypted_data:) ⇒ String
Perform data decryption.
-
#encrypt_data(data:) ⇒ Hash
Perform data encryption.
-
#initialize(config) ⇒ JweCrypto
constructor
Create a new instance with the provided config.
Constructor Details
#initialize(config) ⇒ JweCrypto
Create a new instance with the provided config
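# File 'lib/mcapi/encryption/crypto/jwe-crypto.rb', line 21
#
# Create a new instance with the provided config.
#
# @param config [Hash] string-keyed settings. Keys read here:
#   'dataEncoding', 'encryptionCertificate' (path to the certificate file),
#   'privateKey' (optional path to the private key file) and
#   'encryptedValueFieldName' (optional, defaults to 'encryptedData').
def initialize(config)
  @encoding = config['dataEncoding']

  # File.binread rather than IO.binread: on Ruby versions that still support
  # the pipe form, IO.binread treats a path beginning with "|" as a command to
  # run. File.binread always opens a file, so a bad config value cannot turn
  # into process execution.
  @cert = OpenSSL::X509::Certificate.new(File.binread(config['encryptionCertificate']))

  # The private key is optional here; decrypt_data calls methods on
  # @private_key, so an instance built without it can only encrypt.
  @private_key = OpenSSL::PKey.read(File.binread(config['privateKey'])) if config['privateKey']

  @encrypted_value_field_name = config['encryptedValueFieldName'] || 'encryptedData'
  # compute_public_fingerprint is defined outside this listing.
  @public_key_fingerprint = compute_public_fingerprint
end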
Instance Method Details
#decrypt_data(encrypted_data:) ⇒ String
Perform data decryption
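# File 'lib/mcapi/encryption/crypto/jwe-crypto.rb', line 70
#
# Decrypt a JWE compact-serialization string and return the plaintext.
#
# The content-encryption key (CEK) is unwrapped with the configured private
# key via private_decrypt_oaep (SHA-256 passed for both digest arguments), and
# the payload is decrypted with the method named in the header's 'enc' field.
# The authentication tag is verified for every supported method before
# plaintext is returned.
#
# @param encrypted_data [String] five dot-separated segments: protected
#   header, encrypted key, IV, ciphertext, authentication tag
# @return [String] the decrypted bytes
# @raise [ArgumentError] if the input does not have exactly five segments, the
#   tag is not 16 bytes, or the unwrapped key has the wrong length
# @raise [OpenSSL::Cipher::CipherError] if the authentication tag does not verify
# @raise [Exception] if the 'enc' method is not supported
def decrypt_data(encrypted_data:)
  # limit -1 keeps trailing empty segments so "a.b.c.d.e." is rejected
  # instead of being read as five parts.
  parts = encrypted_data.split('.', -1)
  raise ArgumentError, 'JWE payload must have exactly 5 dot-separated parts.' unless parts.length == 5

  encrypted_header, encrypted_key, initialization_vector, cipher_text, authentication_tag = parts

  # jwe_decode is defined outside this listing (presumably base64url decoding; confirm).
  jwe_header = jwe_decode(encrypted_header)
  encrypted_key = jwe_decode(encrypted_key)
  iv = jwe_decode(initialization_vector)
  cipher_text = jwe_decode(cipher_text)
  cipher_tag = jwe_decode(authentication_tag)

  # Resolve the content-encryption method first, so unsupported input is
  # rejected before any private-key operation runs.
  enc_method = JSON.parse(jwe_header)['enc']
  enc_string =
    case enc_method
    when 'A256GCM' then 'aes-256-gcm'
    when 'A128GCM' then 'aes-128-gcm'
    when 'A192GCM' then 'aes-192-gcm'
    when 'A128CBC-HS256' then 'aes-128-cbc'
    else
      # NOTE(review): raising the Exception base class bypasses a plain
      # `rescue`; kept as-is so existing callers see the same error class.
      raise Exception, "Encryption method '#{enc_method}' not supported."
    end
  gcm = enc_string.end_with?('-gcm')

  # Every method supported here uses a 128-bit tag. OpenSSL accepts shorter
  # GCM tags, which weakens integrity protection, so the length is enforced.
  raise ArgumentError, 'JWE authentication tag must be 16 bytes.' unless cipher_tag.bytesize == 16

  md = OpenSSL::Digest::SHA256
  # private_decrypt_oaep is provided outside this listing.
  cek = @private_key.private_decrypt_oaep(encrypted_key, '', md, md)

  unless gcm
    # A128CBC-HS256 is encrypt-then-MAC (RFC 7518, section 5.2.2): the first
    # 16 bytes of the CEK are the HMAC key, the last 16 the AES key. The tag is
    # checked BEFORE CBC decryption; without this check modified ciphertext
    # would be decrypted and padding failures would be observable to the sender.
    raise ArgumentError, 'A128CBC-HS256 requires a 32-byte content encryption key.' unless cek.bytesize == 32

    mac_key = cek.byteslice(0, 16)
    cek = cek.byteslice(16, 16)
    # AL: bit length of the AAD (the encoded header) as a 64-bit big-endian integer.
    aad_bit_length = [encrypted_header.bytesize * 8].pack('Q>')
    mac_input = encrypted_header.b + iv.b + cipher_text.b + aad_bit_length
    expected_tag = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, mac_key, mac_input).byteslice(0, 16)
    # Constant-time comparison; both operands are 16 bytes at this point.
    unless OpenSSL.fixed_length_secure_compare(expected_tag, cipher_tag.b)
      raise OpenSSL::Cipher::CipherError, 'JWE authentication tag verification failed.'
    end
  end

  cipher = OpenSSL::Cipher.new(enc_string)
  cipher.decrypt
  cipher.key = cek
  cipher.iv = iv
  if gcm
    # The still-encoded header segment is the additional authenticated data;
    # cipher.final raises OpenSSL::Cipher::CipherError when the tag is wrong.
    cipher.auth_data = encrypted_header
    cipher.auth_tag = cipher_tag
  end

  cipher.update(cipher_text) + cipher.final
end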
#encrypt_data(data:) ⇒ Hash
Perform data encryption.
# File 'lib/mcapi/encryption/crypto/jwe-crypto.rb', line 38
#
# Encrypt +data+ with a freshly generated AES-256-GCM key and wrap that key
# with the public key of the configured certificate.
#
# A new 32-byte key and 12-byte IV are drawn from SecureRandom on every call.
# The encoded header is bound to the ciphertext as GCM additional
# authenticated data.
#
# @param data [String] plaintext to encrypt
# @return [Hash] a single entry mapping the configured encrypted-value field
#   name to the output of generate_serialization (defined outside this listing)
def encrypt_data(data:)
  content_key = SecureRandom.random_bytes(32)
  nonce = SecureRandom.random_bytes(12)

  # public_encrypt_oaep is provided outside this listing; SHA-256 is passed
  # for both digest arguments.
  oaep_digest = OpenSSL::Digest::SHA256
  wrapped_key = @cert.public_key.public_encrypt_oaep(content_key, '', oaep_digest, oaep_digest)

  # Serialize the header once so the authenticated bytes and the bytes handed
  # to generate_serialization come from the same JSON string.
  protected_header = generate_header('RSA-OAEP-256', 'A256GCM').to_json
  aad = jwe_encode(protected_header)

  gcm = OpenSSL::Cipher.new('aes-256-gcm')
  gcm.encrypt
  gcm.key = content_key
  gcm.iv = nonce
  gcm.padding = 0
  gcm.auth_data = aad
  sealed = gcm.update(data) + gcm.final

  serialized = generate_serialization(protected_header, wrapped_key, sealed, nonce, gcm.auth_tag)
  { @encrypted_value_field_name => serialized }
end