Class: CredStash::CipherKey
- Inherits:
-
Object
- Object
- CredStash::CipherKey
- Defined in:
- lib/cred_stash/cipher_key.rb
Instance Attribute Summary collapse
-
#data_key ⇒ Object
readonly
Returns the value of attribute data_key.
-
#hmac_key ⇒ Object
readonly
Returns the value of attribute hmac_key.
-
#wrapped_key ⇒ Object
readonly
Returns the value of attribute wrapped_key.
Class Method Summary collapse
- .decrypt(wrapped_key, client: Aws::KMS::Client.new) ⇒ Object
- .generate(client: Aws::KMS::Client.new) ⇒ Object
Instance Method Summary collapse
- #decrypt(message) ⇒ Object
- #encrypt(message) ⇒ Object
- #hmac(message) ⇒ Object
-
#initialize(data_key:, hmac_key:, wrapped_key:) ⇒ CipherKey
constructor
A new instance of CipherKey.
Constructor Details
#initialize(data_key:, hmac_key:, wrapped_key:) ⇒ CipherKey
22 23 24 25 26 |
# File 'lib/cred_stash/cipher_key.rb', line 22 def initialize(data_key:, hmac_key:, wrapped_key:) @data_key = data_key @hmac_key = hmac_key @wrapped_key = wrapped_key end |
Instance Attribute Details
#data_key ⇒ Object (readonly)
Returns the value of attribute data_key.
2 3 4 |
# File 'lib/cred_stash/cipher_key.rb', line 2 def data_key @data_key end |
#hmac_key ⇒ Object (readonly)
Returns the value of attribute hmac_key.
2 3 4 |
# File 'lib/cred_stash/cipher_key.rb', line 2 def hmac_key @hmac_key end |
#wrapped_key ⇒ Object (readonly)
Returns the value of attribute wrapped_key.
2 3 4 |
# File 'lib/cred_stash/cipher_key.rb', line 2 def wrapped_key @wrapped_key end |
Class Method Details
.decrypt(wrapped_key, client: Aws::KMS::Client.new) ⇒ Object
13 14 15 16 17 18 19 20 |
# File 'lib/cred_stash/cipher_key.rb', line 13 def self.decrypt(wrapped_key, client: Aws::KMS::Client.new) res = client.decrypt(ciphertext_blob: wrapped_key) new( data_key: res.plaintext[0...32], hmac_key: res.plaintext[32..-1], wrapped_key: wrapped_key ) end |
.generate(client: Aws::KMS::Client.new) ⇒ Object
4 5 6 7 8 9 10 11 |
# File 'lib/cred_stash/cipher_key.rb', line 4 def self.generate(client: Aws::KMS::Client.new) res = client.generate_data_key(key_id: 'alias/credstash', number_of_bytes: 64) new( data_key: res.plaintext[0...32], hmac_key: res.plaintext[32..-1], wrapped_key: res.ciphertext_blob ) end |
Instance Method Details
#decrypt(message) ⇒ Object
36 37 38 |
# File 'lib/cred_stash/cipher_key.rb', line 36 def decrypt() CredStash::Cipher.new(data_key).decrypt() end |
#encrypt(message) ⇒ Object
32 33 34 |
# File 'lib/cred_stash/cipher_key.rb', line 32 def encrypt() CredStash::Cipher.new(data_key).encrypt() end |
#hmac(message) ⇒ Object
28 29 30 |
# File 'lib/cred_stash/cipher_key.rb', line 28 def hmac() OpenSSL::HMAC.hexdigest("SHA256", hmac_key, ) end |