Class: Klay::Key::Encrypter

Inherits:
Object
Defined in:
lib/klay/key/encrypter.rb

Overview

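The Encrypter class handles keystore encryption of a secret key with a password-derived key: PBKDF2-SHA-256 by default, or scrypt when selected through the :kdf option.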

Defined Under Namespace

Classes: EncrypterError

Constructor Details

#initialize(key, options = {}) ⇒ Encrypter

Constructor of the Klay::Key::Encrypter class for secret key encryption. Should not be used; use perform instead.

Parameters:

  • key (Klay::Key)

    representing a secret key-pair used for encryption.

  • options (Hash) (defaults to: {})

    the options to encrypt with.

Options Hash (options):

  • :kdf (String)

    key derivation function defaults to pbkdf2.

  • :id (String)

    uuid given to the secret key.

  • :iterations (String)

    number of iterations for the hash function.

  • :salt (String)

    passed to PBKDF.

  • :iv (String)

    128-bit initialisation vector for the cipher.

  • :parallelization (Integer)

    parallelization factor for scrypt, defaults to 8.

  • :block_size (Integer)

    for scrypt, defaults to 1.



# File 'lib/klay/key/encrypter.rb', line 54

def initialize(key, options = {})
  key = Key.new(priv: key) if key.is_a? String
  @key = key
  @options = options

  # the key derivation functions default to pbkdf2 if no option is specified
  # however, if an option is given then it must be either pbkdf2 or scrypt
  if kdf != "scrypt" && kdf != "pbkdf2"
    raise EncrypterError, "Unsupported key derivation function: #{kdf}!"
  end
end

Class Method Details

.perform(key, password, options = {}) ⇒ JSON

Class method perform to perform a key-store encryption.

Parameters:

  • key (Klay::Key)

    representing a secret key-pair used for encryption.

  • password (String)

    the password passed on to #perform.

  • options (Hash) (defaults to: {})

    the options to encrypt with.

Options Hash (options):

  • :kdf (String)

    key derivation function defaults to pbkdf2.

  • :id (String)

    uuid given to the secret key.

  • :iterations (String)

    number of iterations for the hash function.

  • :salt (String)

    passed to PBKDF.

  • :iv (String)

    128-bit initialisation vector for the cipher.

  • :parallelization (Integer)

    parallelization factor for scrypt, defaults to 8.

  • :block_size (Integer)

    for scrypt, defaults to 1.

Returns:



# File 'lib/klay/key/encrypter.rb', line 37

def self.perform(key, password, options = {})
  new(key, options).perform(password)
end

Instance Method Details

#data ⇒ Hash

Output containing the encrypted key and other identifying data.

Returns:

  • (Hash)

    the encrypted keystore data.



# File 'lib/klay/key/encrypter.rb', line 80

def data
  # default to pbkdf2
  kdfparams = if kdf == "scrypt"
      {
        dklen: 32,
        n: iterations,
        p: parallelization,
        r: block_size,
        salt: Util.bin_to_hex(salt),
      }
    else
      {
        c: iterations,
        dklen: 32,
        prf: prf,
        salt: Util.bin_to_hex(salt),
      }
    end

  {
    crypto: {
      cipher: cipher_name,
      cipherparams: {
        iv: Util.bin_to_hex(iv),
      },
      ciphertext: Util.bin_to_hex(encrypted_key),
      kdf: kdf,
      kdfparams: kdfparams,
      mac: Util.bin_to_hex(mac),
    },
    id: id,
    version: 3,
  }
end
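
An added example, not part of the Klay source: a defender-side audit of a keystore shaped like the hash #data returns, flagging weak KDF and IV parameters, plus a re-derivation of the PBKDF2-SHA-256 key from kdfparams. The MIN_* floors, the helper names and the sample values are assumptions made for this example.

```ruby
require "json"
require "openssl"

# Assumed policy floors (not from the Klay source); tune to your own standard.
MIN_PBKDF2_ITERATIONS = 262_144
MIN_SCRYPT_N = 2**14
MIN_SALT_BYTES = 16

# Byte length of a hex string; 0 for nil or malformed hex.
def hex_bytes(hex)
  s = hex.to_s
  s.match?(/\A(?:\h\h)+\z/) ? s.length / 2 : 0
end

# Returns a list of findings for a keystore JSON string shaped like #data's output.
def audit_keystore(json)
  ks = JSON.parse(json)
  crypto = ks.fetch("crypto", {})
  params = crypto.fetch("kdfparams", {})
  findings = []
  findings << "unexpected version #{ks["version"].inspect}" unless ks["version"] == 3
  case crypto["kdf"]
  when "pbkdf2"
    findings << "pbkdf2 iteration count too low" if params["c"].to_i < MIN_PBKDF2_ITERATIONS
  when "scrypt"
    findings << "scrypt cost n too low" if params["n"].to_i < MIN_SCRYPT_N
  else
    findings << "unsupported kdf #{crypto["kdf"].inspect}"
  end
  findings << "dklen is not 32" unless params["dklen"] == 32
  findings << "salt shorter than #{MIN_SALT_BYTES} bytes" if hex_bytes(params["salt"]) < MIN_SALT_BYTES
  findings << "iv is not 128 bits" unless hex_bytes(crypto.dig("cipherparams", "iv")) == 16
  findings
end

# Re-derives the PBKDF2-SHA-256 key that the pbkdf2 kdfparams describe.
def derive_pbkdf2_key(password, params)
  OpenSSL::PKCS5.pbkdf2_hmac(password, [params["salt"]].pack("H*"),
                             params["c"], params["dklen"], OpenSSL::Digest.new("SHA256"))
end

# Constructed sample input with deliberately weak values; not a real keystore.
# cipher and prf are omitted because their string values are not shown on this page.
WEAK_SAMPLE = {
  crypto: { cipherparams: { iv: "00" * 8 }, ciphertext: "ab" * 32, kdf: "pbkdf2",
            kdfparams: { c: 1000, dklen: 32, salt: "11" * 8 },
            mac: "cd" * 32 },
  id: "00000000-0000-0000-0000-000000000000", version: 3,
}.to_json
```

Calling audit_keystore(WEAK_SAMPLE) reports the low iteration count, the 8-byte salt and the 64-bit IV; an empty list means no finding under the assumed floors.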

#perform(password) ⇒ String

Encrypt the key with a given password.

Parameters:

  • password (String)

    the password from which the encryption key is derived.

Returns:

  • (String)

    a JSON-formatted keystore string.



# File 'lib/klay/key/encrypter.rb', line 70

def perform(password)
  derive_key password
  encrypt
  data.to_json
end