Method: Chef::EncryptedAttribute::EncryptedMash::Version1#encrypt

Defined in:: lib/chef/encrypted_attribute/encrypted_mash/version1.rb

#encrypt(value, public_keys) ⇒ `EncryptedMash`

Encrypts data inside the current Chef::EncryptedAttribute::EncryptedMash object.

Parameters:

value (Mixed) —
value to encrypt, will be converted to JSON.
public_keys (Array<String, OpenSSL::PKey::RSA>) —
publics keys that will be able to decrypt the Chef::EncryptedAttribute::EncryptedMash.

Returns:

(EncryptedMash) —
the value encrypted.

Raises:

(EncryptionFailure) —
if there are encryption errors.
(InvalidPublicKey) —
if it is not a valid RSA public key.
(InvalidKey) —
if the RSA key format is wrong.
(MessageAuthenticationFailure) —
if HMAC calculation error.

# File 'lib/chef/encrypted_attribute/encrypted_mash/version1.rb', line 136

def encrypt(value, public_keys)
  secrets = {}
  value_json = json_encode(value)
  public_keys = parse_public_keys(public_keys)
  # encrypt the data
  encrypted_data = symmetric_encrypt_value(value_json)
  # should no include the secret in clear
  secrets['data'] = encrypted_data.delete('secret')
  self['encrypted_data'] = encrypted_data
  # generate hmac (encrypt-then-mac), excluding the secret
  hmac = generate_hmac(json_encode(self['encrypted_data'].sort))
  secrets['hmac'] = hmac.delete('secret')
  self['hmac'] = hmac
  # encrypt the shared secrets
  self['encrypted_secret'] =
    rsa_encrypt_multi_key(json_encode(secrets), public_keys)
  self
end

Method: Chef::EncryptedAttribute::EncryptedMash::Version1#encrypt

#encrypt(value, public_keys) ⇒ EncryptedMash

#encrypt(value, public_keys) ⇒ `EncryptedMash`