Class: RightScale::EncryptedDocument
Defined in: lib/right_agent/security/encrypted_document.rb
Overview
Represents a signed and encrypted document that can later be decrypted using the right private key and whose signature can be verified using the right cert. This class can be used both to encrypt and sign data, and later to check the signature and decrypt an encrypted document.
Class Method Summary
- .from_data(encrypted_data) ⇒ Object
  Initialize from encrypted data.
Instance Method Summary
- #decrypted_data(key, cert) ⇒ Object
  Decrypted data.
- #encrypted_data(format = :pem) ⇒ Object
  Encrypted data in PEM (base64) or DER (binary) format.
- #initialize(data, certs, cipher = 'AES-256-CBC') ⇒ EncryptedDocument (constructor)
  Encrypt and sign data using certificate and key pair.
Constructor Details
#initialize(data, certs, cipher = 'AES-256-CBC') ⇒ EncryptedDocument
Encrypt and sign data using certificate and key pair
Parameters
- data (String): Data to be encrypted
- certs (Array|Certificate): Target recipient certificates used to encrypt data
- cipher (Cipher): Cipher used for encryption, AES 256 CBC by default
```ruby
# File 'lib/right_agent/security/encrypted_document.rb', line 38
def initialize(data, certs, cipher = 'AES-256-CBC')
  cipher = OpenSSL::Cipher::Cipher.new(cipher)
  certs = [ certs ] unless certs.respond_to?(:collect)
  raw_certs = certs.collect { |c| c.raw_cert }
  @pkcs7 = OpenSSL::PKCS7.encrypt(raw_certs, data, cipher, OpenSSL::PKCS7::BINARY)
end
```
Class Method Details
.from_data(encrypted_data) ⇒ Object
Initialize from encrypted data
Parameters
- encrypted_data (String): Encrypted data
Return
- doc (EncryptedDocument): Encrypted document
```ruby
# File 'lib/right_agent/security/encrypted_document.rb', line 52
def self.from_data(encrypted_data)
  doc = EncryptedDocument.allocate
  doc.instance_variable_set(:@pkcs7, RightScale::PKCS7.new(encrypted_data))
  doc
end
```
Instance Method Details
#decrypted_data(key, cert) ⇒ Object
Decrypted data
Parameters
- key (RsaKeyPair): Key pair used for decryption
- cert (Certificate): Certificate to use for decryption
Return
- (String): Decrypted data
```ruby
# File 'lib/right_agent/security/encrypted_document.rb', line 77
def decrypted_data(key, cert)
  @pkcs7.decrypt(key.raw_key, cert.raw_cert)
end
```
#encrypted_data(format = :pem) ⇒ Object
Encrypted data in PEM (base64) or DER (binary) format
Parameters
- format (Symbol): Encode format: :pem or :der, defaults to :pem
Return
- (String): Encrypted data
```ruby
# File 'lib/right_agent/security/encrypted_document.rb', line 65
def encrypted_data(format = :pem)
  format == :pem ? @pkcs7.to_pem : @pkcs7.to_der
end
```
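The round trip performed by the constructor, `#encrypted_data` and `#decrypted_data`, as an added example that is not part of right_agent: it makes the same `OpenSSL::PKCS7` calls on plain OpenSSL objects instead of the RightScale `Certificate` and `RsaKeyPair` wrappers, and shows that the output of `OpenSSL::PKCS7.encrypt` is enveloped-data with one recipient entry per certificate and no signature of its own. The helper names (`make_identity`, `seal`, `open_sealed`, `demo`) are hypothetical, and the self-signed identities and the plaintext are constructed for the demonstration.

```ruby
require 'openssl'

# Constructed throwaway identity: RSA key plus self-signed certificate.
def make_identity(cn, serial)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { key: key, cert: cert }
end

# Same call sequence as the constructor documented above: one enveloped-data
# blob, with the content key wrapped once per recipient certificate.
def seal(data, certs, cipher_name = 'AES-256-CBC')
  certs = [certs] unless certs.respond_to?(:collect)
  cipher = OpenSSL::Cipher.new(cipher_name)
  OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY).to_pem
end

# Returns the plaintext, or nil when the certificate is not a recipient.
def open_sealed(pem, identity)
  OpenSSL::PKCS7.new(pem).decrypt(identity[:key], identity[:cert])
rescue OpenSSL::PKCS7::PKCS7Error
  nil
end

def demo
  alice, bob, outsider =
    %w[alice bob outsider].each_with_index.map { |cn, i| make_identity(cn, i + 1) }
  pem = seal("constructed secret\x00\xFF".b, [alice[:cert], bob[:cert]])
  p7 = OpenSSL::PKCS7.new(pem)
  { type: p7.type, recipients: p7.recipients.size,
    alice: open_sealed(pem, alice), bob: open_sealed(pem, bob),
    outsider: open_sealed(pem, outsider) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the envelope type is `:enveloped`, a receiver that needs to know who produced the data has to check a signature obtained in a separate step.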