Class: Kasefet::EncryptedFlatKV

Inherits:

FlatKV

• Object
• FlatKV
• Kasefet::EncryptedFlatKV

Defined in:

lib/kasefet/encrypted_flat_kv.rb

Overview

FlatKV where values are stored encrypted on the disk

Constant Summary

CipherIVLength =

12

CipherAuthTagLength =

16

Constants inherited from FlatKV

FlatKV::MagicNumber

Instance Attribute Summary

• #cipher_key ⇒ Object

  Returns the value of attribute cipher_key.

• #key_salt ⇒ Object

  Returns the value of attribute key_salt.

Attributes inherited from FlatKV

#device_name, #extension, #root

Instance Method Summary

• #decrypt_value(encrypted_value, cipher_key) ⇒ Object
• #encrypt_value(value, cipher_key) ⇒ Object
• #initialize(cipher_key:, key_salt: nil, **options) ⇒ EncryptedFlatKV constructor

  A new instance of EncryptedFlatKV.

• #key_to_digest(key) ⇒ Object
• #read_file(file_path) ⇒ Object
• #reencrypt_all_values!(new_key) ⇒ Object
• #write_file(path, contents) ⇒ Object

Methods inherited from FlatKV

#[], #[]=, #dir_for_key, #file_for_key, #format_value, #read_value

Constructor Details

#initialize(cipher_key:, key_salt: nil, **options) ⇒ EncryptedFlatKV

Returns a new instance of EncryptedFlatKV.

# File 'lib/kasefet/encrypted_flat_kv.rb', line 11

def initialize(cipher_key:, key_salt: nil, **options)
  super(**options)
  @cipher = OpenSSL::Cipher.new("aes-256-gcm")
  @cipher_key = cipher_key
  @key_salt = key_salt
end

Instance Attribute Details

#cipher_key ⇒ Object

Returns the value of attribute cipher_key.

# File 'lib/kasefet/encrypted_flat_kv.rb', line 18

def cipher_key
  @cipher_key
end

#key_salt ⇒ Object

Returns the value of attribute key_salt.

# File 'lib/kasefet/encrypted_flat_kv.rb', line 18

def key_salt
  @key_salt
end

Instance Method Details

#decrypt_value(encrypted_value, cipher_key) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 49

def decrypt_value(encrypted_value, cipher_key)
  @cipher.decrypt
  @cipher.key = cipher_key
  @cipher.iv = encrypted_value[0...CipherIVLength]
  encrypted_value = encrypted_value[CipherIVLength..-1]
  @cipher.auth_tag = encrypted_value[0...CipherAuthTagLength]
  encrypted_value = encrypted_value[CipherAuthTagLength..-1]
  value = @cipher.update(encrypted_value) + @cipher.final
  return value
end

#encrypt_value(value, cipher_key) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 37

def encrypt_value(value, cipher_key)
  @cipher.encrypt
  @cipher.key = cipher_key
  iv = @cipher.random_iv
  @cipher.iv = iv
  @cipher.auth_data = ""
  encrypted_value = @cipher.update(value) + @cipher.final
  encrypted_value = @cipher.auth_tag + encrypted_value
  encrypted_value = iv + encrypted_value
  return encrypted_value
end

#key_to_digest(key) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 20

def key_to_digest(key)
  key = "#{@key_salt}/#{key}/#{@key_salt}" if @key_salt
  return super(key)
end

#read_file(file_path) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 60

def read_file(file_path)
  encrypted_contents = super(file_path)
  return nil if encrypted_contents.nil?
  return decrypt_value(encrypted_contents, @cipher_key)
end

#reencrypt_all_values!(new_key) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 25

def reencrypt_all_values!(new_key)
  old_key = @cipher_key

  Dir[@root + "*" + "*" + "*"].each do |encrypted_file|
    old_encrypted_value = File.binread(encrypted_file)
    value = decrypt_value(old_encrypted_value, old_key)
    new_encrypted_value = encrypt_value(value, new_key)
    File.binwrite(encrypted_file, new_encrypted_value)
  end
  @cipher_key = new_key
end

#write_file(path, contents) ⇒ Object

# File 'lib/kasefet/encrypted_flat_kv.rb', line 66

def write_file(path, contents)
  return super(path, encrypt_value(contents, @cipher_key))
end