Class: Chef::EncryptedDataBagItem::Decryptor::Version3Decryptor

Inherits:
Version1Decryptor show all
Defined in:
lib/chef/encrypted_data_bag_item/decryptor.rb

Instance Attribute Summary

Attributes inherited from Version1Decryptor

#encrypted_data, #key

Attributes inherited from Version0Decryptor

#encrypted_data, #key

Instance Method Summary collapse

Methods inherited from Version1Decryptor

#decrypted_data, #encrypted_bytes, #for_decrypted_item, #iv

Methods inherited from Version0Decryptor

#decrypted_data, #encrypted_bytes, #for_decrypted_item

Methods included from Assertions

#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!

Constructor Details

#initialize(encrypted_data, key) ⇒ Version3Decryptor

Returns a new instance of Version3Decryptor.



202
203
204
205
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 202

def initialize(encrypted_data, key)
  super
  assert_aead_requirements_met!(algorithm)
end

Instance Method Details

#algorithmObject

Returns the used decryption algorithm



208
209
210
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 208

def algorithm
  AEAD_ALGORITHM
end

#auth_tagObject



212
213
214
215
216
217
218
219
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 212

def auth_tag
  auth_tag_b64 = @encrypted_data["auth_tag"]
  if auth_tag_b64.nil?
    raise DecryptionFailure, "Error decrypting data bag value: invalid authentication tag. Most likely the data is corrupted"
  end

  Base64.decode64(auth_tag_b64)
end

#openssl_decryptorObject



221
222
223
224
225
226
227
228
229
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 221

def openssl_decryptor
  @openssl_decryptor ||=
    begin
      d = super
      d.auth_tag = auth_tag
      d.auth_data = ""
      d
    end
end