Class: Aws::S3::Encryption::KmsCipherProvider (Private)
- Inherits: Object
  - Object
  - Aws::S3::Encryption::KmsCipherProvider
- Defined in: lib/aws-sdk-s3/encryption/kms_cipher_provider.rb
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Instance Method Summary
- #decryption_cipher(envelope) ⇒ Cipher (private): Given an encryption envelope, returns a decryption cipher.
- #encryption_cipher ⇒ Array<Hash,Cipher> (private): Creates and returns a new encryption envelope and encryption cipher.
- #initialize(options = {}) ⇒ KmsCipherProvider (constructor, private): A new instance of KmsCipherProvider.
Constructor Details
#initialize(options = {}) ⇒ KmsCipherProvider
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a new instance of KmsCipherProvider.
# File 'lib/aws-sdk-s3/encryption/kms_cipher_provider.rb', line 9
def initialize(options = {})
  @kms_key_id = options[:kms_key_id]
  @kms_client = options[:kms_client]
end
Instance Method Details
#decryption_cipher(envelope) ⇒ Cipher
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Given an encryption envelope, returns a decryption cipher.
# File 'lib/aws-sdk-s3/encryption/kms_cipher_provider.rb', line 37
def decryption_cipher(envelope)
  encryption_context = Json.load(envelope['x-amz-matdesc'])
  key = @kms_client.decrypt(
    ciphertext_blob: decode64(envelope['x-amz-key-v2']),
    encryption_context: encryption_context,
  ).plaintext
  iv = decode64(envelope['x-amz-iv'])
  block_mode =
    case envelope['x-amz-cek-alg']
    when 'AES/CBC/PKCS5Padding'
      :CBC
    when 'AES/CBC/PKCS7Padding'
      :CBC
    when 'AES/GCM/NoPadding'
      :GCM
    else
      type = envelope['x-amz-cek-alg'].inspect
      msg = "unsupported content encrypting key (cek) format: #{type}"
      raise Errors::DecryptionError, msg
    end
  Utils.aes_decryption_cipher(block_mode, key, iv)
end
#encryption_cipher ⇒ Array<Hash,Cipher>
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Creates and returns a new encryption envelope and encryption cipher.
# File 'lib/aws-sdk-s3/encryption/kms_cipher_provider.rb', line 16
def encryption_cipher
  encryption_context = { "kms_cmk_id" => @kms_key_id }
  key_data = @kms_client.generate_data_key(
    key_id: @kms_key_id,
    encryption_context: encryption_context,
    key_spec: 'AES_256',
  )
  cipher = Utils.aes_encryption_cipher(:CBC)
  cipher.key = key_data.plaintext
  envelope = {
    'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
    'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),
    'x-amz-cek-alg' => 'AES/CBC/PKCS5Padding',
    'x-amz-wrap-alg' => 'kms',
    'x-amz-matdesc' => Json.dump(encryption_context)
  }
  [envelope, cipher]
end
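Added example, not the SDK's own code: the envelope round trip performed by encryption_cipher and decryption_cipher, written against OpenSSL directly so it runs offline. FakeKms, build_envelope and cipher_from_envelope are hypothetical names; FakeKms is a constructed stand-in that models KMS refusing to unwrap a data key when the encryption context read from x-amz-matdesc differs, and the algorithm check raises ArgumentError where the SDK raises Errors::DecryptionError.

```ruby
require 'openssl'
require 'json'

# Constructed in-memory stand-in for the KMS client (assumption, not the SDK): data
# keys are wrapped with AES-256-GCM, with the encryption context as authenticated data.
class FakeKms
  Resp = Struct.new(:plaintext, :ciphertext_blob)
  MASTER = OpenSSL::Random.random_bytes(32)
  def generate_data_key(key_id:, encryption_context:, key_spec:)
    key = OpenSSL::Random.random_bytes(32)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = MASTER
    nonce = c.random_iv
    c.auth_data = JSON.dump(encryption_context)
    blob = c.update(key) + c.final
    Resp.new(key, nonce + c.auth_tag + blob)
  end
  def decrypt(ciphertext_blob:, encryption_context:)
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = MASTER
    c.iv = ciphertext_blob[0, 12]
    c.auth_tag = ciphertext_blob[12, 16]
    c.auth_data = JSON.dump(encryption_context)
    Resp.new(c.update(ciphertext_blob[28..]) + c.final, nil)
  end
end

# Same envelope fields as encryption_cipher; pack('m0') is strict Base64.
def build_envelope(kms, key_id)
  context = { 'kms_cmk_id' => key_id }
  data = kms.generate_data_key(key_id: key_id, encryption_context: context, key_spec: 'AES_256')
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = data.plaintext
  [{ 'x-amz-key-v2' => [data.ciphertext_blob].pack('m0'),
     'x-amz-iv' => [cipher.random_iv].pack('m0'),
     'x-amz-cek-alg' => 'AES/CBC/PKCS5Padding', 'x-amz-wrap-alg' => 'kms',
     'x-amz-matdesc' => JSON.dump(context) }, cipher]
end

# Same steps as decryption_cipher, CBC case only (hypothetical helper).
def cipher_from_envelope(kms, env)
  cbc = %w[AES/CBC/PKCS5Padding AES/CBC/PKCS7Padding]
  raise ArgumentError, 'unsupported cek format' unless cbc.include?(env['x-amz-cek-alg'])
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = kms.decrypt(ciphertext_blob: env['x-amz-key-v2'].unpack1('m0'),
                           encryption_context: JSON.parse(env['x-amz-matdesc'])).plaintext
  cipher.iv = env['x-amz-iv'].unpack1('m0')
  cipher
end
```

The encryption context protects the wrapped data key only; AES/CBC carries no authentication tag, so the object ciphertext itself is not integrity-checked by this envelope.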