Module: Secret::Encryption

Included in:

File

Defined in:

lib/secret/encryption.rb

Overview

Enables basic encryption support with AES.

Note that encryption and decription are rather slow processes and are intended to be used with small strings / file sizes. Please use sparingly!

Instance Method Summary

• #change_encryption_passphrase!(old_passphrase, new_passphrase) ⇒ Object

  Change the passphrase.

• #decrypt!(passphrase) ⇒ Object

  Immediately decrypt the contents of this file.

• #decrypted(passphrase) ⇒ Object

  Gets the decrypted version of this.

• #encrypt!(passphrase) ⇒ Object

  Encrypt the contents of this file immediately.

• #encrypted(passphrase) ⇒ Object

  Gets the contents of the file in an encrypted format.

• #encrypted? ⇒ Boolean

  Checks to see if the file is encrypted.

• #ensure_unencrypted! ⇒ Object

  Ensure that the contents of this file are unencrypted.

• #remove_encrypted_indicator ⇒ Object
• #stash_encrypted(data, passphrase) ⇒ Object

  Stash the contents of this file with an encrypted password.

Instance Method Details

#change_encryption_passphrase!(old_passphrase, new_passphrase) ⇒ Object

Change the passphrase.

Raises:

• (ArgumentError)

# File 'lib/secret/encryption.rb', line 44

def change_encryption_passphrase!(old_passphrase, new_passphrase)
  raise ArgumentError, "The contents of this file are not encrypted" unless encrypted?
  original = decrypted old_passphrase
  remove_encrypted_indicator
  stash_encrypted original, new_passphrase
end

#decrypt!(passphrase) ⇒ Object

Immediately decrypt the contents of this file.

Raises:

• (OpenSSL::Cipher::CipherError) —

  if the password was incorrect

# File 'lib/secret/encryption.rb', line 31

def decrypt!(passphrase)
  raise ArgumentError, "The contents of this file are not encrypted" unless encrypted?
  str = decrypted(passphrase)
  remove_encrypted_indicator
  stash str
end

#decrypted(passphrase) ⇒ Object

Gets the decrypted version of this.

Raises:

• (OpenSSL::Cipher::CipherError) —

  if the password was incorrect

# File 'lib/secret/encryption.rb', line 24

def decrypted(passphrase)
  return contents unless encrypted?
  AES.decrypt contents, passphrase
end

#encrypt!(passphrase) ⇒ Object

Encrypt the contents of this file immediately

# File 'lib/secret/encryption.rb', line 39

def encrypt!(passphrase)
  stash_encrypted passphrase, contents
end

#encrypted(passphrase) ⇒ Object

Gets the contents of the file in an encrypted format. This may quite possibly result in doubly-encrypted text if you’re not careful. This process will take a few moments.

# File 'lib/secret/encryption.rb', line 16

def encrypted(passphrase)
  return contents if encrypted?
  encrypt_string passphrase, contents
end

#encrypted? ⇒ Boolean

Checks to see if the file is encrypted

Returns:

• (Boolean)

# File 'lib/secret/encryption.rb', line 62

def encrypted?
  ::File.exist?(encrypted_meta_filename)
end

#ensure_unencrypted! ⇒ Object

Ensure that the contents of this file are unencrypted

Raises:

• (FileEncryptedError)

# File 'lib/secret/encryption.rb', line 67

def ensure_unencrypted!
  raise FileEncryptedError, "Contents of the file are encrypted" if encrypted?
end

#remove_encrypted_indicator ⇒ Object

# File 'lib/secret/encryption.rb', line 72

def remove_encrypted_indicator
  ::File.delete encrypted_meta_filename if encrypted?
end

#stash_encrypted(data, passphrase) ⇒ Object

Stash the contents of this file with an encrypted password

Raises:

• (ArgumentError)

# File 'lib/secret/encryption.rb', line 52

def stash_encrypted(data, passphrase)
  raise ArgumentError, "The contents of this file is already encrypted" if encrypted?
  ::File.open(encrypted_meta_filename, 'w', container.chmod_mode) {|f| f.write "aes-default" }
  str = encrypt_string passphrase, data
  stash str
  ::File.open(encrypted_meta_filename, 'w', container.chmod_mode) {|f| f.write "aes-default" }
end