Class: RightScale::EncryptedDocument

Inherits:
Object
Defined in:
lib/right_agent/security/encrypted_document.rb

Overview

Represents a signed and encrypted document that can later be decrypted using the right private key and whose signature can be verified using the right cert. This class can be used both to encrypt and sign data and to then check the signature and decrypt an encrypted document.

Constructor Details

#initialize(data, certs, cipher = 'AES-256-CBC') ⇒ EncryptedDocument

Encrypt and sign data using certificate and key pair

Parameters

data (String)

Data to be encrypted

certs (Array|Certificate)

Target recipient certificates used to encrypt data

cipher (Cipher)

Cipher used for encryption, AES 256 CBC by default



# File 'lib/right_agent/security/encrypted_document.rb', line 38

def initialize(data, certs, cipher = 'AES-256-CBC')
  cipher = OpenSSL::Cipher::Cipher.new(cipher)
  certs = [ certs ] unless certs.respond_to?(:collect)
  raw_certs = certs.collect { |c| c.raw_cert }
  @pkcs7 = OpenSSL::PKCS7.encrypt(raw_certs, data, cipher, OpenSSL::PKCS7::BINARY)
end

Class Method Details

.from_data(encrypted_data) ⇒ Object

Initialize from encrypted data

Parameters

encrypted_data (String)

Encrypted data

Return

doc (EncryptedDocument)

Encrypted document



# File 'lib/right_agent/security/encrypted_document.rb', line 52

def self.from_data(encrypted_data)
  doc = EncryptedDocument.allocate
  doc.instance_variable_set(:@pkcs7, RightScale::PKCS7.new(encrypted_data))
  doc
end

Instance Method Details

#decrypted_data(key, cert) ⇒ Object

Decrypted data

Parameters

key (RsaKeyPair)

Key pair used for decryption

cert (Certificate)

Certificate to use for decryption

Return

(String)

Decrypted data



# File 'lib/right_agent/security/encrypted_document.rb', line 77

def decrypted_data(key, cert)
  @pkcs7.decrypt(key.raw_key, cert.raw_cert)
end

#encrypted_data(format = :pem) ⇒ Object

Encrypted data in PEM (base64) or DER (binary) format

Parameters

format (Symbol)

Encode format: :pem or :der, defaults to :pem

Return

(String)

Encrypted data



# File 'lib/right_agent/security/encrypted_document.rb', line 65

def encrypted_data(format = :pem)
  format == :pem ? @pkcs7.to_pem : @pkcs7.to_der
end
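
Added example (not RightAgent code): the same OpenSSL calls the methods above wrap, run against constructed throwaway keys and self-signed certificates. It shows the PEM/DER round trip, that OpenSSL::PKCS7.encrypt yields enveloped data with one RecipientInfo per certificate and no signature of its own, and that a non-recipient certificate is refused. The helper names make_recipient, envelope, open_envelope, describe and rejected? are hypothetical, raw OpenSSL objects stand in for raw_cert and raw_key, and OpenSSL::Cipher.new replaces the deprecated OpenSSL::Cipher::Cipher.new.

```ruby
require 'openssl'

# Constructed sample recipient: throwaway RSA key plus self-signed certificate.
def make_recipient(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Same call the constructor makes: envelope data for every recipient cert.
def envelope(data, certs, cipher_name = 'AES-256-CBC')
  cipher = OpenSSL::Cipher.new(cipher_name)
  OpenSSL::PKCS7.encrypt(Array(certs), data, cipher, OpenSSL::PKCS7::BINARY)
end

# Mirrors from_data + decrypted_data: parse PEM or DER, decrypt as one recipient.
def open_envelope(serialized, key, cert)
  OpenSSL::PKCS7.new(serialized).decrypt(key, cert)
end

# PKCS#7 content type and number of RecipientInfo entries in a document.
def describe(serialized)
  p7 = OpenSSL::PKCS7.new(serialized)
  [p7.type, p7.recipients.size]
end

# True when decryption is refused, e.g. the cert matches no RecipientInfo.
def rejected?(serialized, key, cert)
  open_envelope(serialized, key, cert)
  false
rescue OpenSSL::PKCS7::PKCS7Error
  true
end
```

The :enveloped type means the document carries confidentiality only; origin authentication requires a separate signature over the data.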