Class: Aws::S3::Encryption::DefaultCipherProvider Private
- Inherits: Object
  - Object
  - Aws::S3::Encryption::DefaultCipherProvider
- Defined in: lib/aws-sdk-s3/encryption/default_cipher_provider.rb
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Instance Method Summary
- #decryption_cipher(envelope, options = {}) ⇒ Cipher (private)
  Given an encryption envelope, returns a decryption cipher.
- #encryption_cipher ⇒ Array<Hash,Cipher> (private)
  Creates and returns a new encryption envelope and encryption cipher.
- #initialize(options = {}) ⇒ DefaultCipherProvider (constructor, private)
  A new instance of DefaultCipherProvider.
Constructor Details
#initialize(options = {}) ⇒ DefaultCipherProvider
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a new instance of DefaultCipherProvider.
    # File 'lib/aws-sdk-s3/encryption/default_cipher_provider.rb', line 11

    def initialize(options = {})
      @key_provider = options[:key_provider]
    end
Instance Method Details
#decryption_cipher(envelope, options = {}) ⇒ Cipher
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns: Given an encryption envelope, returns a decryption cipher.

    # File 'lib/aws-sdk-s3/encryption/default_cipher_provider.rb', line 29

    def decryption_cipher(envelope, options = {})
      master_key = @key_provider.key_for(envelope['x-amz-matdesc'])
      if envelope.key? 'x-amz-key'
        # Support for decryption of legacy objects
        key = Utils.decrypt(master_key, decode64(envelope['x-amz-key']))
        iv = decode64(envelope['x-amz-iv'])
        Utils.aes_decryption_cipher(:CBC, key, iv)
      else
        if envelope['x-amz-cek-alg'] != 'AES/GCM/NoPadding'
          raise ArgumentError, 'Unsupported cek-alg: ' \
            "#{envelope['x-amz-cek-alg']}"
        end
        key =
          case envelope['x-amz-wrap-alg']
          when 'AES/GCM'
            if master_key.is_a? OpenSSL::PKey::RSA
              raise ArgumentError, 'Key mismatch - Client is configured' \
                ' with an RSA key and the x-amz-wrap-alg is AES/GCM.'
            end
            Utils.decrypt_aes_gcm(master_key,
                                  decode64(envelope['x-amz-key-v2']),
                                  envelope['x-amz-cek-alg'])
          when 'RSA-OAEP-SHA1'
            unless master_key.is_a? OpenSSL::PKey::RSA
              raise ArgumentError, 'Key mismatch - Client is configured' \
                ' with an AES key and the x-amz-wrap-alg is RSA-OAEP-SHA1.'
            end
            key, cek_alg = Utils.decrypt_rsa(master_key, decode64(envelope['x-amz-key-v2']))
            raise Errors::DecryptionError unless cek_alg == envelope['x-amz-cek-alg']
            key
          when 'kms+context'
            raise ArgumentError, 'Key mismatch - Client is configured' \
              ' with a user provided key and the x-amz-wrap-alg is' \
              ' kms+context. Please configure the client with the' \
              ' required kms_key_id'
          else
            raise ArgumentError, 'Unsupported wrap-alg: ' \
              "#{envelope['x-amz-wrap-alg']}"
          end
        iv = decode64(envelope['x-amz-iv'])
        Utils.aes_decryption_cipher(:GCM, key, iv)
      end
    end
#encryption_cipher ⇒ Array<Hash,Cipher>
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns: Creates and returns a new encryption envelope and encryption cipher.

    # File 'lib/aws-sdk-s3/encryption/default_cipher_provider.rb', line 17

    def encryption_cipher
      cipher = Utils.aes_encryption_cipher(:CBC)
      envelope = {
        'x-amz-key' => encode64(encrypt(envelope_key(cipher))),
        'x-amz-iv' => encode64(envelope_iv(cipher)),
        'x-amz-matdesc' => materials_description,
      }
      [envelope, cipher]
    end
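
Added example, not part of the SDK or of this page's source: a Ruby helper that mirrors the branch order of #decryption_cipher to inventory which stored envelopes would take the legacy AES-CBC path (the envelope format #encryption_cipher writes) and which would take the AES-GCM path or be rejected. The names classify_envelope, audit, V2 and SAMPLE_OBJECTS are hypothetical, and the sample envelopes are constructed.

```ruby
# Added example (not SDK code): mirrors the branch order of decryption_cipher
# so stored envelopes can be inventoried without any key material.
# classify_envelope, audit, V2 and SAMPLE_OBJECTS are hypothetical names.
SUPPORTED_CEK_ALG = 'AES/GCM/NoPadding'

# master_key_type: :aes or :rsa, the kind of key the key provider holds.
def classify_envelope(envelope, master_key_type)
  # Presence of x-amz-key alone selects the legacy AES-CBC branch,
  # even when v2 fields are also present.
  return { path: :legacy, content_cipher: 'AES/CBC' } if envelope.key?('x-amz-key')

  cek_alg = envelope['x-amz-cek-alg']
  unless cek_alg == SUPPORTED_CEK_ALG
    return { path: :rejected, reason: "Unsupported cek-alg: #{cek_alg}" }
  end

  wrap = envelope['x-amz-wrap-alg']
  reason =
    case wrap
    when 'AES/GCM'
      'Key mismatch: RSA key, AES/GCM wrap' if master_key_type == :rsa
    when 'RSA-OAEP-SHA1'
      'Key mismatch: AES key, RSA-OAEP-SHA1 wrap' unless master_key_type == :rsa
    when 'kms+context'
      'Key mismatch: kms+context requires kms_key_id'
    else
      "Unsupported wrap-alg: #{wrap}"
    end
  return { path: :rejected, reason: reason } if reason

  { path: :v2, content_cipher: 'AES/GCM', wrap_alg: wrap }
end

# Groups object names by the branch their envelope would take.
def audit(objects, master_key_type)
  objects.group_by { |_name, env| classify_envelope(env, master_key_type)[:path] }
         .transform_values { |pairs| pairs.map(&:first) }
end

# Constructed sample envelopes; the base64 values are placeholders.
V2 = { 'x-amz-key-v2' => 'Y2Vr', 'x-amz-iv' => 'aXY=', 'x-amz-matdesc' => '{}',
       'x-amz-cek-alg' => SUPPORTED_CEK_ALG, 'x-amz-wrap-alg' => 'AES/GCM' }.freeze
SAMPLE_OBJECTS = {
  'reports/2016.csv'  => { 'x-amz-key' => 'Y2Vr', 'x-amz-iv' => 'aXY=', 'x-amz-matdesc' => '{}' },
  'reports/2021.csv'  => V2,
  'reports/mixed.csv' => V2.merge('x-amz-key' => 'Y2Vr'),
  'reports/kms.csv'   => V2.merge('x-amz-wrap-alg' => 'kms+context')
}.freeze

p audit(SAMPLE_OBJECTS, :aes) if $PROGRAM_NAME == __FILE__
```

Objects reported under :legacy are the ones whose content is decrypted with AES-CBC rather than AES-GCM, which makes them the candidates for re-encryption.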