Class: Strongbox::Lock
- Inherits: Object
  - Object
  - Strongbox::Lock
- Defined in: lib/strongbox/lock.rb
Overview
The Lock class encrypts and decrypts the protected attribute. It automatically encrypts the data when set and decrypts it when the private key password is provided.
Instance Method Summary
- #blank? ⇒ Boolean
  Needed for validations.
- #decrypt(password = nil) ⇒ Object
  Given the private key password decrypts the attribute.
- #encrypt(plaintext) ⇒ Object
- #initialize(name, instance, options = {}) ⇒ Lock (constructor)
  A new instance of Lock.
- #nil? ⇒ Boolean
- #size ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize(name, instance, options = {}) ⇒ Lock
Returns a new instance of Lock.
```ruby
# File 'lib/strongbox/lock.rb', line 7

def initialize name, instance, options = {}
  @name = name
  @instance = instance

  @size = nil

  options = Strongbox.options.merge(options)

  @is_empty = true if @instance[@name].blank?

  @base64 = options[:base64]
  @public_key = options[:public_key] || options[:key_pair]
  @private_key = options[:private_key] || options[:key_pair]
  @padding = options[:padding]
  @symmetric = options[:symmetric]
  @symmetric_cipher = options[:symmetric_cipher]
  @symmetric_key = options[:symmetric_key] || "#{name}_key"
  @symmetric_iv = options[:symmetric_iv] || "#{name}_iv"
  @key_proc = options[:key_proc]
  @encrypt_iv = options[:encrypt_iv]

  if @symmetric == :only
    if @encrypt_iv
      raise ArgumentError, ":encrypt_iv should be set to false for :symmetric => :only encryption, since encrypting the iv requires a pubkey"
    end
    if @public_key
      raise ArgumentError, ":public_key, :private_key and :key_pair are not used with :symmetric => :only"
    end
    unless @key_proc
      raise ArgumentError, ":key_proc option is required. This option specifies a proc or a symbol of a method on the instance, which will return a key used for the symmetric cypher."
    end
  else
    if @key_proc
      raise ArgumentError, ":key_proc is valid only when :symmetric => :only is specified, or when using encrypt_with_symmetric_key()"
    end
  end
end
```
Instance Method Details
#blank? ⇒ Boolean
Needed for validations
```ruby
# File 'lib/strongbox/lock.rb', line 172

def blank?
  @instance[@name].blank?
end
```
#decrypt(password = nil) ⇒ Object
Given the private key password decrypts the attribute. Will raise OpenSSL::PKey::RSAError if the password is wrong.
```ruby
# File 'lib/strongbox/lock.rb', line 110

def decrypt password = nil
  return "" if @is_empty
  # Given a private key and a nil password OpenSSL::PKey::RSA.new() will
  # *prompt* for a password, we default to an empty string to avoid that.
  ciphertext = @instance[@name]
  return nil if ciphertext.nil?
  return "" if ciphertext.empty?

  return "*encrypted*" if password.nil? and ! @key_proc
  unless @private_key or @symmetric == :only
    raise StrongboxError.new("#{@instance.class} model does not have private key_file")
  end

  if ciphertext
    ciphertext = Base64.decode64(ciphertext) if @base64
    private_key = get_rsa_key(@private_key,password)
    if @symmetric == :always || @symmetric == :only
      symmetric_key = case @key_proc
                      when Proc
                        @key_proc.call( @instance )
                      when Symbol
                        @instance.send( @key_proc )
                      else
                        @instance[@symmetric_key]
                      end
      symmetric_iv = @instance[@symmetric_iv]

      if @base64
        if @symmetric == :always
          symmetric_key = Base64.decode64(symmetric_key)
        end
        symmetric_iv = Base64.decode64(symmetric_iv)
      end
      cipher = OpenSSL::Cipher::Cipher.new(@symmetric_cipher)
      cipher.decrypt
      cipher.key = if @symmetric == :only
                     symmetric_key
                   else
                     private_key.private_decrypt(symmetric_key,@padding)
                   end
      if @encrypt_iv
        cipher.iv = private_key.private_decrypt(symmetric_iv,@padding)
      else
        cipher.iv = symmetric_iv
      end
      plaintext = cipher.update(ciphertext)
      plaintext << cipher.final
    else
      plaintext = private_key.private_decrypt(ciphertext,@padding)
    end
  else
    nil
  end
end
```
#encrypt(plaintext) ⇒ Object
```ruby
# File 'lib/strongbox/lock.rb', line 44

def encrypt plaintext
  unless @public_key or @symmetric == :only
    raise StrongboxError.new("#{@instance.class} model does not have public key_file")
  end
  if !plaintext.blank?
    @is_empty = false
    @size = plaintext.size # For validations
    # Using a blank password in OpenSSL::PKey::RSA.new prevents reading
    # the private key if the file is a key pair
    public_key = get_rsa_key(@public_key,"")
    if @symmetric == :always or @symmetric == :only
      cipher = OpenSSL::Cipher::Cipher.new(@symmetric_cipher)
      cipher.encrypt
      cipher.key = symmetric_key = case @key_proc
                                   when Proc
                                     @key_proc.call( @instance )
                                   when Symbol
                                     @instance.send( @key_proc )
                                   else
                                     cipher.random_key
                                   end
      cipher.iv = symmetric_iv = cipher.random_iv

      ciphertext = cipher.update(plaintext)
      ciphertext << cipher.final
      unless @symmetric == :only
        encrypted_key = public_key.public_encrypt(symmetric_key,@padding)
      end
      if @encrypt_iv
        encrypted_iv = public_key.public_encrypt(symmetric_iv,@padding)
      end
      if @base64
        unless @symmetric == :only
          encrypted_key = Base64.encode64(encrypted_key)
        end
        if @encrypt_iv
          encrypted_iv = Base64.encode64(encrypted_iv)
        else
          symmetric_iv = Base64.encode64(symmetric_iv)
        end
      end
      unless @symmetric == :only
        @instance[@symmetric_key] = encrypted_key
      end
      if @encrypt_iv
        @instance[@symmetric_iv] = encrypted_iv
      else
        @instance[@symmetric_iv] = symmetric_iv
      end
    else
      ciphertext = public_key.public_encrypt(plaintext,@padding)
    end
    ciphertext = Base64.encode64(ciphertext) if @base64
    @instance[@name] = ciphertext
  else
    @size = 0
    @instance[@name] = ""
    @is_empty = true
  end
end
```
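Added example, not part of Strongbox: a stand-alone sketch of the envelope scheme that #encrypt and #decrypt above follow when :symmetric is :always, :base64 is set and :encrypt_iv is off, written against plain OpenSSL. The padding, the cipher name, the passphrase, the helper names and the hash standing in for the model's `secret`, `secret_key` and `secret_iv` columns are assumptions.

```ruby
require "openssl"
require "base64"

# Assumptions for this sketch; Strongbox takes these from its options.
PADDING = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
CIPHER  = "aes-256-cbc"

# Mirrors encrypt: fresh key and IV per value, key wrapped with the public key.
# The hash keys stand in for the "#{name}", "#{name}_key", "#{name}_iv" columns.
def hybrid_encrypt(public_pem, plaintext)
  public_key = OpenSSL::PKey::RSA.new(public_pem)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  key = cipher.random_key
  iv  = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  { "secret"     => Base64.strict_encode64(ciphertext),
    "secret_key" => Base64.strict_encode64(public_key.public_encrypt(key, PADDING)),
    "secret_iv"  => Base64.strict_encode64(iv) }
end

# Mirrors decrypt: no password gives the placeholder, a wrong one raises.
def hybrid_decrypt(private_pem, password, record)
  return "*encrypted*" if password.nil?
  private_key = OpenSSL::PKey::RSA.new(private_pem, password)
  wrapped_key = Base64.strict_decode64(record["secret_key"])
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.decrypt
  cipher.key = private_key.private_decrypt(wrapped_key, PADDING)
  cipher.iv  = Base64.strict_decode64(record["secret_iv"])
  cipher.update(Base64.strict_decode64(record["secret"])) + cipher.final
end

def demo
  pair = OpenSSL::PKey::RSA.new(2048)           # constructed throwaway key pair
  passphrase = "constructed-passphrase"         # constructed sample value
  private_pem = pair.to_pem(OpenSSL::Cipher.new(CIPHER), passphrase)
  record = hybrid_encrypt(pair.public_key.to_pem, "constructed secret value")
  wrong = begin
    hybrid_decrypt(private_pem, "not-the-passphrase", record)
  rescue OpenSSL::PKey::PKeyError               # parent class of RSAError
    :rejected
  end
  { record: record,
    locked: hybrid_decrypt(private_pem, nil, record),
    opened: hybrid_decrypt(private_pem, passphrase, record),
    wrong:  wrong }
end

puts demo.reject { |k, _| k == :record }.inspect if __FILE__ == $PROGRAM_NAME
```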
#nil? ⇒ Boolean
```ruby
# File 'lib/strongbox/lock.rb', line 176

def nil?
  @instance[@name].nil?
end
```
#size ⇒ Object
```ruby
# File 'lib/strongbox/lock.rb', line 180

def size
  @size
end
```
#to_s ⇒ Object
```ruby
# File 'lib/strongbox/lock.rb', line 167

def to_s
  decrypt
end
```