Class: SymmetricEncryption::Keystore::File

Inherits:
Object
Includes:
Utils::Files
Defined in:
lib/symmetric_encryption/keystore/file.rb


Constructor Details

#initialize(key_filename:, key_encrypting_key: nil) ⇒ File

Stores the Encryption key in a file. Secures the Encryption key by encrypting it with a key encryption key.



# File 'lib/symmetric_encryption/keystore/file.rb', line 43

# Builds a file-backed keystore.
#
# @param key_filename [String] path of the file that holds the data key.
# @param key_encrypting_key [SymmetricEncryption::Key, nil] when given, #write
#   encrypts the key with it before storing and #read decrypts with it; when
#   nil the key is stored in the file as-is.
def initialize(key_filename:, key_encrypting_key: nil)
  @file_name, @key_encrypting_key = key_filename, key_encrypting_key
end

Instance Attribute Details

#file_name ⇒ Object

Returns the value of attribute file_name.



# File 'lib/symmetric_encryption/keystore/file.rb', line 6

# @return [String] path of the key file this keystore reads from and writes to.
def file_name; @file_name; end

#key_encrypting_key ⇒ Object

Returns the value of attribute key_encrypting_key.



# File 'lib/symmetric_encryption/keystore/file.rb', line 6

# @return [SymmetricEncryption::Key, nil] key used to wrap/unwrap the stored
#   key in #write and #read; nil means the file holds the key unencrypted.
def key_encrypting_key; @key_encrypting_key; end

Class Method Details

.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object

Returns [Hash] a new keystore configuration after generating the data key.

Increments the supplied version number by 1.



# File 'lib/symmetric_encryption/keystore/file.rb', line 11

# Generates a data encryption key (DEK) together with a key encrypting key
# (KEK) and a KEK-encrypting key (KEKEK), writes the DEK (wrapped by the KEK)
# and the KEKEK (unwrapped) to files under +key_path+, and returns the
# keystore configuration describing them.
#
# @param key_path [String] directory that receives the generated key files.
# @param cipher_name [String] cipher every generated key is built with.
# @param app_name [String] first part of the key file names.
# @param environment [String] second part of the key file names.
# @param version [Integer] current key version; the new version is this + 1,
#   wrapping back to 1 once it reaches 255.
# @param dek [SymmetricEncryption::Key, nil] existing DEK to re-wrap; a fresh
#   one is generated when nil.
# @param _args ignored, accepted so callers may pass a shared options hash.
# @return [Hash] configuration with :keystore, :cipher_name, :version,
#   :key_filename, :iv and the nested :key_encrypting_key chain.
#
# NOTE(review): the on-disk mode of the written files depends on
# Utils::Files#write_to_file (not shown here); #read rejects files whose
# permissions are not 100600/100400, so confirm writes create them that way.
def self.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
  new_version = version >= 255 ? 1 : version + 1
  base_name   = "#{app_name}_#{environment}_v#{new_version}"

  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
  kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  kekek = SymmetricEncryption::Key.new(cipher_name: cipher_name)

  dek_file_name   = ::File.join(key_path, "#{base_name}.encrypted_key")
  kekek_file_name = ::File.join(key_path, "#{base_name}.kekek")

  # The DEK is only ever stored wrapped by the KEK. The KEKEK file gets no
  # key_encrypting_key, so it is written unencrypted and its protection rests
  # entirely on file system permissions.
  new(key_filename: dek_file_name, key_encrypting_key: kek).write(dek.key)
  new(key_filename: kekek_file_name).write(kekek.key)

  kekek_config = { key_filename: kekek_file_name, iv: kekek.iv }
  kek_config   = {
    encrypted_key:      kekek.encrypt(kek.key),
    iv:                 kek.iv,
    key_encrypting_key: kekek_config
  }

  {
    keystore:           :file,
    cipher_name:        dek.cipher_name,
    version:            new_version,
    key_filename:       dek_file_name,
    iv:                 dek.iv,
    key_encrypting_key: kek_config
  }
end

Instance Method Details

#read ⇒ Object

Returns the Encryption key in the clear.



# File 'lib/symmetric_encryption/keystore/file.rb', line 49

def read
  unless ::File.exist?(file_name)
    raise(SymmetricEncryption::ConfigError,
          "Symmetric Encryption key file: '#{file_name}' not found")
  end
  unless correct_permissions?
    raise(SymmetricEncryption::ConfigError,
          "Symmetric Encryption key file '#{file_name}' has the wrong "\
          "permissions: #{::File.stat(file_name).mode.to_s(8)}. Expected 100600 or 100400.")
  end

  data = read_from_file(file_name)
  key_encrypting_key ? key_encrypting_key.decrypt(data) : data
end

#write(key) ⇒ Object

Encrypts the key (when a key encrypting key is configured) and writes it to the file.



# File 'lib/symmetric_encryption/keystore/file.rb', line 65

def write(key)
  data = key_encrypting_key ? key_encrypting_key.encrypt(key) : key
  write_to_file(file_name, data)
end