Class: Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

Inherits:

Version1Encryptor

Object
Version1Encryptor
Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

show all

Defined in:: lib/chef/encrypted_data_bag_item/encryptor.rb

Instance Attribute Summary

Attributes inherited from Version1Encryptor

#key, #plaintext_data

Class Method Summary collapse

.encryptor_keys ⇒ Object

Instance Method Summary collapse

#for_encrypted_item ⇒ Object

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
#hmac ⇒ Object

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac).

Methods inherited from Version1Encryptor

#algorithm, #encrypted_data, #initialize, #iv, #openssl_encryptor, #serialized_data

Methods included from Assertions

#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!

Constructor Details

This class inherits a constructor from Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor

Class Method Details

.encryptor_keys ⇒ `Object`



157
158
159

# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 157

def self.encryptor_keys
  super + %w{ hmac }
end

Instance Method Details

#for_encrypted_item ⇒ `Object`

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 138

def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "hmac" => hmac,
    "iv" => Base64.encode64(iv),
    "version" => 2,
    "cipher" => algorithm,
  }
end

#hmac ⇒ `Object`

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)

# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 149

def hmac
  @hmac ||= begin
    digest = OpenSSL::Digest.new("sha256")
    raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
    Base64.encode64(raw_hmac)
  end
end