Method: Chef::EncryptedAttribute::EncryptedMash::Version1#decrypt

Defined in:
lib/chef/encrypted_attribute/encrypted_mash/version1.rb

#decrypt(key) ⇒ Mixed

Decrypts the current Chef::EncryptedAttribute::EncryptedMash object.

Parameters:

  • key (String, OpenSSL::PKey::RSA)

    RSA private key used to decrypt.

Returns:

  • (Mixed)

    the decrypted value.

Raises:

  • (DecryptionFailure)

    if the HMAC of the encrypted data does not match.


# File 'lib/chef/encrypted_attribute/encrypted_mash/version1.rb', line 157

# Decrypts this encrypted mash and returns the stored attribute value.
#
# The flow is: recover the shared secrets with the RSA private key, verify
# the HMAC over the stored ciphertext structure, and only then run the
# symmetric decryption (encrypt-then-MAC on write, so MAC-then-decrypt here).
#
# @param key [String, OpenSSL::PKey::RSA] RSA private key used to decrypt.
# @return [Mixed] the decrypted value, as produced by `json_decode`.
# @raise [DecryptionFailure] if the HMAC check fails.
def decrypt(key)
  private_key = parse_decryption_key(key)

  # Shallow copies: the secrets are attached to the copies, so the stored
  # 'encrypted_data' and 'hmac' entries never receive a 'secret' key here.
  payload = self['encrypted_data'].dup
  mac = self['hmac'].dup

  # The symmetric key and the HMAC key both travel inside the RSA-encrypted
  # envelope, so this step necessarily runs before any integrity check.
  shared_secrets =
    json_decode(rsa_decrypt_multi_key(self['encrypted_secret'], private_key))
  payload['secret'] = shared_secrets['data']
  mac['secret'] = shared_secrets['hmac']

  # Authenticate the stored ciphertext structure (sorted, JSON-encoded) before
  # touching it with the cipher; nothing is decrypted if the check fails.
  # NOTE(review): hmac_matches? is not visible here; confirm it compares the
  # digests in constant time.
  authentic = hmac_matches?(mac, json_encode(self['encrypted_data'].sort))
  unless authentic
    raise DecryptionFailure,
          'Error decrypting encrypted attribute: invalid hmac. '\
          'Most likely the data is corrupted.'
  end

  # Integrity confirmed: decrypt and decode the value.
  json_decode(symmetric_decrypt_value(payload))
end