Class: SymmetricEncryption::Keystore::File
- Inherits: Object
- Includes: Utils::Files
- Defined in: lib/symmetric_encryption/keystore/file.rb
Constant Summary
- ALLOWED_PERMISSIONS = %w[100600 100400].freeze
Instance Attribute Summary
- #file_name ⇒ Object
  Returns the value of attribute file_name.
- #key_encrypting_key ⇒ Object
  Returns the value of attribute key_encrypting_key.
Class Method Summary
- .generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object
  Returns [Hash] a new keystore configuration after generating the data key.
Instance Method Summary
- #initialize(key_filename:, key_encrypting_key: nil) ⇒ File (constructor)
  Stores the Encryption key in a file.
- #read ⇒ Object
  Returns the Encryption key in the clear.
- #write(key) ⇒ Object
  Encrypt and write the key to file.
Constructor Details
#initialize(key_filename:, key_encrypting_key: nil) ⇒ File
Stores the encryption key in a file. When a key_encrypting_key is supplied, the encryption key is secured by encrypting it with that key encryption key before it is written; without one, the key is written in the clear.

```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 44
def initialize(key_filename:, key_encrypting_key: nil)
  @file_name          = key_filename
  @key_encrypting_key = key_encrypting_key
end
```
Instance Attribute Details
#file_name ⇒ Object
Returns the value of attribute file_name.
```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 7
def file_name
  @file_name
end
```
#key_encrypting_key ⇒ Object
Returns the value of attribute key_encrypting_key.
```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 7
def key_encrypting_key
  @key_encrypting_key
end
```
Class Method Details
.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object
Returns [Hash] a new keystore configuration after generating the data key.
Increments the supplied version number by 1, wrapping back to 1 once it reaches 255.
Three keys are involved: the data encryption key (dek) is encrypted with a fresh key encrypting key (kek) and written to `<app_name>_<environment>_v<version>.encrypted_key`; the kek is itself encrypted with a key encrypting key encrypting key (kekek) and carried inside the returned configuration; the kekek is written in the clear to `<app_name>_<environment>_v<version>.kekek`, so that file is protected only by its file permissions and ownership.

```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 12
def self.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
  version >= 255 ? (version = 1) : (version += 1)

  dek   ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
  kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  kekek = SymmetricEncryption::Key.new(cipher_name: cipher_name)

  # The DEK is stored on disk wrapped by the KEK.
  dek_file_name = ::File.join(key_path, "#{app_name}_#{environment}_v#{version}.encrypted_key")
  new(key_filename: dek_file_name, key_encrypting_key: kek).write(dek.key)

  # The KEKEK is stored on disk in the clear (no key_encrypting_key given).
  kekek_file_name = ::File.join(key_path, "#{app_name}_#{environment}_v#{version}.kekek")
  new(key_filename: kekek_file_name).write(kekek.key)

  {
    keystore:     :file,
    cipher_name:  dek.cipher_name,
    version:      version,
    key_filename: dek_file_name,
    iv:           dek.iv,
    key_encrypting_key: {
      encrypted_key: kekek.encrypt(kek.key), # the KEK, wrapped by the KEKEK
      iv:            kek.iv,
      key_encrypting_key: {
        key_filename: kekek_file_name,
        iv:           kekek.iv
      }
    }
  }
end
```
Instance Method Details
#read ⇒ Object
Returns the encryption key in the clear, after verifying that the key file exists, that its mode is one of ALLOWED_PERMISSIONS (100600 or 100400), and that it is owned by the current user. If a key_encrypting_key is configured, the file contents are decrypted with it; otherwise the contents are returned as-is.

```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 50
def read
  unless ::File.exist?(file_name)
    raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found")
  end
  # The condition on this guard was lost in the extracted listing; it is the file-mode check
  # against ALLOWED_PERMISSIONS (correct_permissions? in the gem), so only owner-readable files pass.
  unless correct_permissions?
    raise(SymmetricEncryption::ConfigError,
          "Symmetric Encryption key file '#{file_name}' has the wrong "\
          "permissions: #{::File.stat(file_name).mode.to_s(8)}. Expected 100600 or 100400.")
  end
  unless owned?
    raise(SymmetricEncryption::ConfigError,
          "Symmetric Encryption key file '#{file_name}' has the wrong "\
          "owner (#{stat.uid}) or group (#{stat.gid}). "\
          "Expected it to be owned by current user "\
          "#{ENV['USER'] || ENV['USERNAME']}.")
  end

  data = read_from_file(file_name)
  # With a key encrypting key configured the file holds the wrapped key; otherwise the key itself.
  key_encrypting_key ? key_encrypting_key.decrypt(data) : data
end
```
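As an added example (not the gem's own code), the following self-contained Ruby models both the three-level key hierarchy that generate_data_key writes out and the permission and ownership guard that read applies before trusting a key file. DemoKey, read_key_file, write_key_file, generate_data_key and load_dek are stand-ins assumed for the demonstration, with OpenSSL AES-256-CBC in place of SymmetricEncryption::Key.

```ruby
require "openssl"
# Stand-in for SymmetricEncryption::Key (assumption, not the gem's class): an AES-256-CBC key with its IV.
class DemoKey
  attr_reader :key, :iv
  def initialize(key: OpenSSL::Random.random_bytes(32), iv: OpenSSL::Random.random_bytes(16))
    @key, @iv = key, iv
  end
  def crypt(mode, data) # mode is :encrypt or :decrypt
    c = OpenSSL::Cipher.new("aes-256-cbc").send(mode)
    c.key, c.iv = key, iv
    c.update(data) + c.final
  end
  def encrypt(data); crypt(:encrypt, data); end
  def decrypt(data); crypt(:decrypt, data); end
end
ALLOWED_PERMISSIONS = %w[100600 100400].freeze

# Same guard as File#read: only a file that is owner-only (0600 or 0400) and owned by this user is trusted.
def read_key_file(path)
  stat = ::File.stat(path)
  mode = stat.mode.to_s(8)
  raise "wrong permissions #{mode} on #{path}" unless ALLOWED_PERMISSIONS.include?(mode)
  raise "not owned by current user: #{path}" unless stat.owned?
  ::File.binread(path)
end
def write_key_file(path, data)
  ::File.open(path, "wb", 0o600) { |f| f.write(data) } # created owner-only, as the keystore expects
end

# Builds DEK -> KEK -> KEKEK under key_path and returns a config shaped like generate_data_key's:
# DEK on disk wrapped by the KEK, KEK in the config wrapped by the KEKEK, KEKEK on disk in the clear.
def generate_data_key(key_path, dek: DemoKey.new)
  kek, kekek = DemoKey.new, DemoKey.new
  dek_file   = ::File.join(key_path, "app_test_v1.encrypted_key")
  kekek_file = ::File.join(key_path, "app_test_v1.kekek")
  write_key_file(dek_file, kek.encrypt(dek.key))
  write_key_file(kekek_file, kekek.key)
  { key_filename: dek_file, iv: dek.iv,
    key_encrypting_key: { encrypted_key: kekek.encrypt(kek.key), iv: kek.iv,
                          key_encrypting_key: { key_filename: kekek_file, iv: kekek.iv } } }
end

# The reverse path an application takes at boot: unwrap KEKEK -> KEK -> DEK, checking each file first.
def load_dek(config)
  kek_cfg   = config[:key_encrypting_key]
  kekek_cfg = kek_cfg[:key_encrypting_key]
  kekek = DemoKey.new(key: read_key_file(kekek_cfg[:key_filename]), iv: kekek_cfg[:iv])
  kek   = DemoKey.new(key: kekek.decrypt(kek_cfg[:encrypted_key]), iv: kek_cfg[:iv])
  DemoKey.new(key: kek.decrypt(read_key_file(config[:key_filename])), iv: config[:iv])
end
```

Loosening the mode on either file (for example to 0644) makes load_dek refuse it, which is the behaviour an operator should expect from the real keystore when a deployment step leaves a key file world-readable.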
#write(key) ⇒ Object
Encrypts the key with the key encrypting key (when one is configured) and writes the result to the file; without a key encrypting key, the key is written in the clear.

```ruby
# File 'lib/symmetric_encryption/keystore/file.rb', line 73
def write(key)
  data = key_encrypting_key ? key_encrypting_key.encrypt(key) : key
  write_to_file(file_name, data)
end
```