Class: Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor
- Inherits: Version1Encryptor
  - Object
  - Version1Encryptor
  - Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor
- Includes: Assertions
- Defined in: lib/chef/encrypted_data_bag_item/encryptor.rb
Instance Attribute Summary
Attributes inherited from Version1Encryptor
Class Method Summary
- .encryptor_keys ⇒ Object
Instance Method Summary
- #algorithm ⇒ Object
  Returns the used encryption algorithm.
- #auth_tag ⇒ Object
  Returns the auth_tag.
- #encrypted_data ⇒ Object
  Encrypts, Base64 encodes serialized_data and gets the authentication tag.
- #for_encrypted_item ⇒ Object
  Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
- #initialize(plaintext_data, key, iv = nil) ⇒ Version3Encryptor (constructor)
  A new instance of Version3Encryptor.
- #openssl_encryptor ⇒ Object
  Generates (and memoizes) an OpenSSL::Cipher object and configures it for the specified iv and encryption key using AEAD.
Methods included from Assertions
#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!
Methods inherited from Version1Encryptor
Constructor Details
#initialize(plaintext_data, key, iv = nil) ⇒ Version3Encryptor
Returns a new instance of Version3Encryptor.
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 165
def initialize(plaintext_data, key, iv = nil)
  super
  assert_aead_requirements_met!(algorithm)
  @auth_tag = nil
end
Class Method Details
.encryptor_keys ⇒ Object
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 219
def self.encryptor_keys
  super + %w{ auth_tag }
end
Instance Method Details
#algorithm ⇒ Object
Returns the used encryption algorithm
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 184
def algorithm
  AEAD_ALGORITHM
end
#auth_tag ⇒ Object
Returns the auth_tag. The tag comes from OpenSSL::Cipher#auth_tag and exists only after the data has been encrypted; reading it earlier raises EncryptionFailure.
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 190
def auth_tag
  # Generated auth_tag comes from OpenSSL::Cipher#auth_tag
  # This must be generated after the data is encrypted
  if @auth_tag.nil?
    raise EncryptionFailure, "Internal Error: GCM authentication tag read before encryption"
  end

  @auth_tag
end
#encrypted_data ⇒ Object
Encrypts, Base64 encodes serialized_data and gets the authentication tag.
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 211
def encrypted_data
  @encrypted_data ||= begin
    enc_data_b64 = super
    @auth_tag = openssl_encryptor.auth_tag
    enc_data_b64
  end
end
#for_encrypted_item ⇒ Object
Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 173
def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "iv" => Base64.encode64(iv),
    "auth_tag" => Base64.encode64(auth_tag),
    "version" => 3,
    "cipher" => algorithm,
  }
end
#openssl_encryptor ⇒ Object
Generates (and memoizes) an OpenSSL::Cipher object and configures it for the specified iv and encryption key using AEAD
# File 'lib/chef/encrypted_data_bag_item/encryptor.rb', line 202
def openssl_encryptor
  @openssl_encryptor ||= begin
    encryptor = super
    encryptor.auth_data = ""
    encryptor
  end
end
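The item layout returned by #for_encrypted_item, exercised end to end as an added example (not Chef's own code): it seals a value in the order the methods above enforce (encrypt, then read the tag) and shows a consumer rejecting an item whose tag is missing, truncated or does not match. The cipher name aes-256-gcm, the SHA-256 key derivation, the json_wrapper envelope and the helper names seal_v3, open_v3 and check are assumptions; this page shows only the AEAD_ALGORITHM constant name and none of the inherited Version1Encryptor methods.

```ruby
require "openssl"
require "json"

CIPHER = "aes-256-gcm" # assumed value of AEAD_ALGORITHM (not shown on the page)
ITEM_KEYS = %w{encrypted_data iv auth_tag version cipher}.freeze

# Same output as Base64.encode64, without needing the base64 library.
def b64(bin)
  [bin].pack("m")
end

# Hypothetical helper: builds a hash shaped like #for_encrypted_item's result.
def seal_v3(plaintext_data, secret)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = OpenSSL::Digest.digest("SHA256", secret) # assumed key derivation
  iv = cipher.random_iv
  cipher.auth_data = "" # empty AAD, as in #openssl_encryptor
  data = cipher.update(JSON.generate({ "json_wrapper" => plaintext_data })) + cipher.final
  tag = cipher.auth_tag # only valid after final, hence the guard in #auth_tag
  { "encrypted_data" => b64(data), "iv" => b64(iv), "auth_tag" => b64(tag),
    "version" => 3, "cipher" => CIPHER }
end

# Hypothetical consumer: validates the item's shape, then lets GCM verify the tag.
def open_v3(item, secret)
  missing = ITEM_KEYS - item.keys
  raise ArgumentError, "missing keys: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, "not a version 3 item" unless item["version"] == 3
  raise ArgumentError, "unexpected cipher" unless item["cipher"] == CIPHER
  tag = item["auth_tag"].unpack1("m")
  # OpenSSL may accept a shortened GCM tag, so insist on the full 16 bytes.
  raise ArgumentError, "auth_tag must be 16 bytes" unless tag.bytesize == 16
  decryptor = OpenSSL::Cipher.new(CIPHER).decrypt
  decryptor.key = OpenSSL::Digest.digest("SHA256", secret)
  decryptor.iv = item["iv"].unpack1("m")
  decryptor.auth_tag = tag
  decryptor.auth_data = ""
  plain = decryptor.update(item["encrypted_data"].unpack1("m")) + decryptor.final
  JSON.parse(plain.force_encoding("UTF-8"))["json_wrapper"]
end

# Returns :ok when the item authenticates and parses, :rejected otherwise.
def check(item, secret)
  open_v3(item, secret)
  :ok
rescue OpenSSL::Cipher::CipherError, ArgumentError
  :rejected
end
```

A failed tag check surfaces as OpenSSL::Cipher::CipherError from the final call, so no plaintext from a modified item reaches the JSON parser.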