Class: CredStash::CipherKey
- Inherits:
-
Object
- Object
- CredStash::CipherKey
- Defined in:
- lib/cred_stash/cipher_key.rb
Constant Summary
- DEFAULT_KMS_KEY_ID =
"alias/credstash".freeze
Instance Attribute Summary
-
#data_key ⇒ Object
readonly
Returns the value of attribute data_key.
-
#hmac_key ⇒ Object
readonly
Returns the value of attribute hmac_key.
-
#wrapped_key ⇒ Object
readonly
Returns the value of attribute wrapped_key.
Class Method Summary
- .decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {}) ⇒ Object
- .generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {}) ⇒ Object
Instance Method Summary
- #decrypt(message) ⇒ Object
- #encrypt(message) ⇒ Object
- #hmac(message) ⇒ Object
-
#initialize(data_key:, hmac_key:, wrapped_key:) ⇒ CipherKey
constructor
A new instance of CipherKey.
Constructor Details
#initialize(data_key:, hmac_key:, wrapped_key:) ⇒ CipherKey
# File 'lib/cred_stash/cipher_key.rb', line 31

# Builds a CipherKey from key material that has already been split.
#
# @param data_key [Object] kept in @data_key; handed to CredStash::Cipher by #encrypt / #decrypt
# @param hmac_key [Object] kept in @hmac_key; used as the HMAC key by #hmac
# @param wrapped_key [Object] kept in @wrapped_key
#
# The arguments are stored as given: nothing is validated, copied or frozen here.
def initialize(data_key:, hmac_key:, wrapped_key:)
  @data_key, @hmac_key, @wrapped_key = data_key, hmac_key, wrapped_key
end
Instance Attribute Details
#data_key ⇒ Object (readonly)
Returns the value of attribute data_key.
# File 'lib/cred_stash/cipher_key.rb', line 6

# Reader for @data_key (the page lists the attribute as readonly).
#
# When the object comes from .generate or .decrypt this is the first 32
# characters of the KMS plaintext, i.e. unwrapped key material. The stored
# object itself is returned, not a copy, so keep it out of logs and
# serialized output.
#
# @return [Object] the value given to the constructor as data_key:
def data_key
  @data_key
end
#hmac_key ⇒ Object (readonly)
Returns the value of attribute hmac_key.
# File 'lib/cred_stash/cipher_key.rb', line 6

# Reader for @hmac_key (the page lists the attribute as readonly).
#
# When the object comes from .generate or .decrypt this is everything after
# the first 32 characters of the KMS plaintext, and #hmac uses it as the
# HMAC-SHA256 key. It is secret key material: the stored object itself is
# returned, so keep it out of logs and serialized output.
#
# @return [Object] the value given to the constructor as hmac_key:
def hmac_key
  @hmac_key
end
#wrapped_key ⇒ Object (readonly)
Returns the value of attribute wrapped_key.
# File 'lib/cred_stash/cipher_key.rb', line 6

# Reader for @wrapped_key (the page lists the attribute as readonly).
#
# .generate fills it with the ciphertext_blob returned by KMS and .decrypt
# with the blob it was asked to unwrap, so this is the KMS-encrypted form of
# the key material rather than the plaintext keys.
#
# @return [Object] the value given to the constructor as wrapped_key:
def wrapped_key
  @wrapped_key
end
Class Method Details
.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {}) ⇒ Object
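# File 'lib/cred_stash/cipher_key.rb', line 22

# Unwraps a stored key blob through KMS and splits the returned plaintext
# into the data key (first 32 bytes) and the HMAC key (the remainder).
#
# @param wrapped_key [String] KMS ciphertext blob, as exposed by #wrapped_key
# @param client [#decrypt] KMS client; a new Aws::KMS::Client when omitted
# @param context [Hash] forwarded to KMS as encryption_context; KMS rejects
#   the request unless it matches the context the key was wrapped with
# @return [CipherKey] carrying both plaintext keys and the original blob
# @raise [ArgumentError] if the KMS plaintext is shorter than 64 bytes
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
  res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context)
  plaintext = res.plaintext.to_s

  # .generate requests 64 bytes. Anything shorter would leave the HMAC key
  # truncated, empty or nil and quietly weaken the integrity check, so fail
  # closed. Only the length goes into the message, never key bytes.
  if plaintext.bytesize < 64
    raise ArgumentError, "KMS plaintext is #{plaintext.bytesize} bytes, expected at least 64"
  end

  # Slice by bytes so the split does not depend on the string's encoding.
  new(
    data_key: plaintext.byteslice(0, 32),
    hmac_key: plaintext.byteslice(32..-1),
    wrapped_key: wrapped_key
  )
end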
.generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {}) ⇒ Object
# File 'lib/cred_stash/cipher_key.rb', line 8

# Asks KMS for a fresh 64-byte data key and wraps the result in a CipherKey:
# the first 32 characters of the plaintext become the data key, the rest the
# HMAC key, and the KMS ciphertext_blob is kept as the wrapped key.
#
# @param client [#generate_data_key] KMS client; a new Aws::KMS::Client when omitted
# @param kms_key_id [String, nil] KMS key to wrap under; DEFAULT_KMS_KEY_ID when nil
# @param context [Hash] forwarded to KMS as encryption_context; the same
#   context has to be supplied to .decrypt later
# @return [CipherKey]
def self.generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {})
  request = {
    key_id: kms_key_id || DEFAULT_KMS_KEY_ID,
    number_of_bytes: 64,
    encryption_context: context
  }
  res = client.generate_data_key(**request)

  key_material = res.plaintext
  new(
    data_key: key_material[0, 32],
    hmac_key: key_material[32..-1],
    wrapped_key: res.ciphertext_blob
  )
end
Instance Method Details
#decrypt(message) ⇒ Object
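# File 'lib/cred_stash/cipher_key.rb', line 45

# Decrypts +message+ with a CredStash::Cipher built from #data_key.
#
# A new Cipher is created on every call. No integrity check happens in this
# method.
# NOTE(review): callers are presumably expected to verify #hmac over the
# ciphertext before trusting the result; confirm at the call site.
#
# @param message [Object] ciphertext, passed to CredStash::Cipher#decrypt unchanged
# @return [Object] whatever CredStash::Cipher#decrypt returns
def decrypt(message)
  CredStash::Cipher.new(data_key).decrypt(message)
end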
#encrypt(message) ⇒ Object
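# File 'lib/cred_stash/cipher_key.rb', line 41

# Encrypts +message+ with a CredStash::Cipher built from #data_key.
#
# A new Cipher is created on every call. This method adds no authentication
# of its own; #hmac is the separate integrity primitive on this class.
# NOTE(review): cipher mode and IV/nonce handling live in CredStash::Cipher
# and are not visible here.
#
# @param message [Object] plaintext, passed to CredStash::Cipher#encrypt unchanged
# @return [Object] whatever CredStash::Cipher#encrypt returns
def encrypt(message)
  CredStash::Cipher.new(data_key).encrypt(message)
end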
#hmac(message) ⇒ Object
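# File 'lib/cred_stash/cipher_key.rb', line 37

# Computes the hex-encoded HMAC-SHA256 of +message+, keyed with #hmac_key.
#
# When checking a stored digest against this value, compare in constant time
# (for example OpenSSL.fixed_length_secure_compare) rather than with ==, so
# the comparison does not leak how many leading characters matched.
#
# @param message [String] data to authenticate
# @return [String] 64 lowercase hex characters
def hmac(message)
  OpenSSL::HMAC.hexdigest("SHA256", hmac_key, message)
end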