Module: DPAPI

Extended by:
FFI::Library
Included in:
Kitchen::Driver::CredentialsManager
Defined in:
lib/kitchen/driver/dbapi.rb

Overview

Minimal wrapper around Microsoft’s DPAPI

struct & function definitions cribbed from… msdn.microsoft.com/en-us/library/ms995355.aspx

Defined Under Namespace

Classes: DataBlob, DecryptError, EncryptError

Constant Summary

UI_FORBIDDEN =

dwFlags is a bit vector built by OR-ing together the following values (see www.pinvoke.net/default.aspx/Enums/CryptProtectFlags.html):

0x1
LOCAL_MACHINE =
0x4
CRED_SYNC =
0x8
AUDIT =
0x10
NO_RECOVERY =
0x20
VERIFY_PROTECTION =
0x40

Instance Method Summary

Instance Method Details

#decrypt(ciphertext, entropy = nil, flags = []) ⇒ Object



# File 'lib/kitchen/driver/dbapi.rb', line 96

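# Decrypts a DPAPI-protected blob by calling CryptUnprotectData.
#
# @param ciphertext [String] bytes previously produced by CryptProtectData
# @param entropy [String, nil] optional secondary entropy; DPAPI requires the
#   same value that was supplied when the data was protected
# @param flags [Array<Integer>] flag constants (e.g. UI_FORBIDDEN) that are
#   OR-ed together into the dwFlags argument
# @return [Array] two elements: the data read from the output blob, and the
#   description string (nil when the API handed back a NULL description)
# @raise [DecryptError] when CryptUnprotectData returns a falsy value
def decrypt ciphertext, entropy=nil, flags=[]
  plaintext_blob = DataBlob.new
  # The API writes exactly one pointer (the address of the description
  # string) into this slot, so a single pointer-sized cell is sufficient.
  desc = FFI::MemoryPointer.new(:pointer)

  # NOTE(review): encrypt passes nil when entropy is nil, whereas this call
  # always wraps it in a DataBlob; presumably both mean "no entropy" --
  # confirm against DataBlob#initialize and the attach_function signature.
  unprotected = CryptUnprotectData(DataBlob.new(ciphertext),
                                   desc,
                                   DataBlob.new(entropy),
                                   nil,
                                   nil,
                                   flags.reduce(0, :|),
                                   plaintext_blob)
  raise DecryptError unless unprotected

  # read_pointer returns an FFI::Pointer object even for address 0, so a
  # `nil?` test never fires and read_string would then raise on a NULL
  # pointer. `null?` is the check that actually detects "no description".
  # NOTE(review): the Win32 description is a wide (UTF-16) string, while
  # read_string stops at the first NUL byte -- the returned text is likely
  # truncated; TODO confirm and decode as UTF-16LE if so.
  desc_ptr = desc.read_pointer
  description = desc_ptr.null? ? nil : desc_ptr.read_string

  # NOTE(review): Microsoft documents that the caller must LocalFree both the
  # output blob's buffer and the description. No LocalFree binding is visible
  # here, so the decrypted secret presumably stays in unmanaged memory for the
  # life of the process -- consider zeroing and freeing it after copying.
  [plaintext_blob.data, description]
end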

#encrypt(plaintext, entropy = nil, flags = [], desc = nil) ⇒ Object



# File 'lib/kitchen/driver/dbapi.rb', line 66

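# Protects data with DPAPI by calling CryptProtectData.
#
# @param plaintext [String] the data to protect
# @param entropy [String, nil] optional secondary entropy; when nil, no
#   entropy blob is passed to the API
# @param flags [Array<Integer>] flag constants that are OR-ed together into
#   the dwFlags argument. Per Microsoft's documentation, LOCAL_MACHINE ties
#   the protection to the machine rather than the user, so any user on that
#   computer can unprotect the result -- avoid it for per-user secrets.
# @param desc [String, nil] optional description passed through to the API
#   (NOTE(review): the Win32 parameter is a wide string; confirm how the
#   binding encodes a Ruby String here)
# @return the data read from the output blob (the protected bytes)
# @raise [EncryptError] when CryptProtectData returns a falsy value
def encrypt plaintext, entropy=nil, flags = [], desc=nil
  ciphertext_blob = DataBlob.new

  protected_ok = CryptProtectData(DataBlob.new(plaintext),
                                  desc,
                                  entropy.nil? ? nil : DataBlob.new(entropy),
                                  nil,
                                  nil,
                                  flags.reduce(0, :|),
                                  ciphertext_blob)
  # The original raised the misspelled constant `EncryptErorr`, which surfaced
  # as a NameError instead of the EncryptError class this module defines, so
  # callers rescuing EncryptError never saw the failure.
  raise EncryptError unless protected_ok

  # NOTE(review): Microsoft documents that the output buffer must be released
  # with LocalFree; no such call is visible here -- confirm whether
  # DataBlob#data copies the bytes so the buffer can be freed afterwards.
  ciphertext_blob.data
end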