Module: EDB::Cryptography::AES_256_CBC
- Defined in:
- lib/edb/cryptography/aes_256_cbc.rb
Class Method Summary collapse
Class Method Details
.decrypt(ciphered_data) ⇒ Object
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/edb/cryptography/aes_256_cbc.rb', line 50 def decrypt(ciphered_data) raise "Cannot decrypt #{filename}: It's empty" if ciphered_data.length < 64 decipher = OpenSSL::Cipher.new('AES-256-CBC') decipher.decrypt authentication = slice_str!(ciphered_data, 32) hkdf = HKDF.new(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret]) decipher.key = hkdf.next_bytes(32) authentication_key = hkdf.next_bytes(64) new_authentication = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), authentication_key, ciphered_data) raise 'Authentication failed.' unless FastSecureCompare.compare(authentication, new_authentication) decipher.iv = slice_str!(ciphered_data, 16) deciphered_data = decipher.update(ciphered_data) + decipher.final end |
.encrypt(data) ⇒ Object
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/edb/cryptography/aes_256_cbc.rb', line 32 def encrypt(data) raise "Cannot encrypt #{filename}: It's empty" if data.empty? cipher = OpenSSL::Cipher.new('AES-256-CBC') cipher.encrypt hkdf = HKDF.new(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret]) cipher.key = hkdf.next_bytes(32) authentication_key = hkdf.next_bytes(64) cipher.iv = iv = cipher.random_iv ciphered_data = cipher.update(data) + cipher.final ciphered_data << iv authentication = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), authentication_key, ciphered_data) ciphered_data << authentication end |