class Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor
Attributes
Public Class Methods
Create a new Encryptor for data, which will be encrypted with the given key.
Arguments:
- data: An object of any type that can be serialized to json
- key: A String representing the desired passphrase
- iv: The optional iv parameter is intended for testing use only. When not supplied, Encryptor will use OpenSSL to generate a secure random IV, which is what you want.
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 62
    def initialize(plaintext_data, key, iv=nil)
      @plaintext_data = plaintext_data
      @key = key
      @iv = iv && Base64.decode64(iv)
    end
Public Instance Methods
Encrypts and Base64 encodes serialized_data
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 101
    def encrypted_data
      @encrypted_data ||= begin
        enc_data = openssl_encryptor.update(serialized_data)
        enc_data << openssl_encryptor.final
        Base64.encode64(enc_data)
      end
    end
Returns a wrapped and encrypted version of plaintext_data
suitable for using as the value in an encrypted data bag item.
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 70
    def for_encrypted_item
      {
        "encrypted_data" => encrypted_data,
        "iv" => Base64.encode64(iv),
        "version" => 1,
        "cipher" => ALGORITHM
      }
    end
Generates or returns the IV.
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 80
    def iv
      # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
      # This gets generated when +openssl_encryptor+ gets created.
      openssl_encryptor if @iv.nil?
      @iv
    end
Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 89
    def openssl_encryptor
      @openssl_encryptor ||= begin
        encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
        encryptor.encrypt
        @iv ||= encryptor.random_iv
        encryptor.iv = @iv
        encryptor.key = Digest::SHA256.digest(key)
        encryptor
      end
    end
Wraps the data in a single key Hash (JSON Object) and converts to JSON. The wrapper is required because we accept values (such as Integers or Strings) that do not produce valid JSON when serialized without the wrapper.
    # File lib/chef/encrypted_data_bag_item/encryptor.rb, line 113
    def serialized_data
      FFI_Yajl::Encoder.encode(:json_wrapper => plaintext_data)
    end
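The version 1 item format documented above, as an added stdlib-only round trip (not Chef's own code): it shows what for_encrypted_item emits, how a reader reverses it, and why the iv argument is for tests only, since a fixed IV makes the ciphertext repeat for identical data and key. Assumptions: ALGORITHM is "aes-256-cbc", JSON stands in for FFI_Yajl, OpenSSL::Cipher stands in for OpenSSL::Cipher::Cipher, and v1_encrypt, v1_decrypt and repeats? are hypothetical names.

```ruby
require "openssl"
require "base64"
require "json"
require "digest"

# Assumption: value of Chef's ALGORITHM constant (referenced, not shown, on the page).
V1_ALGORITHM = "aes-256-cbc"

# Build a version 1 item value following the documented steps.
# iv_b64 mirrors the optional, test-only iv argument (Base64 string).
def v1_encrypt(plaintext_data, passphrase, iv_b64 = nil)
  cipher = OpenSSL::Cipher.new(V1_ALGORITHM)
  cipher.encrypt
  cipher.key = Digest::SHA256.digest(passphrase)
  iv = iv_b64 ? Base64.decode64(iv_b64) : cipher.random_iv
  cipher.iv = iv
  # Wrapper lets bare Integers and Strings serialize as a JSON object.
  serialized = JSON.generate("json_wrapper" => plaintext_data)
  enc = cipher.update(serialized) + cipher.final
  { "encrypted_data" => Base64.encode64(enc), "iv" => Base64.encode64(iv),
    "version" => 1, "cipher" => V1_ALGORITHM }
end

# Reverse the wrapping: check the header, decode, decrypt, parse, unwrap.
def v1_decrypt(item, passphrase)
  unless item["version"] == 1 && item["cipher"] == V1_ALGORITHM
    raise ArgumentError, "not a version 1 #{V1_ALGORITHM} item"
  end
  cipher = OpenSSL::Cipher.new(V1_ALGORITHM)
  cipher.decrypt
  cipher.key = Digest::SHA256.digest(passphrase)
  cipher.iv = Base64.decode64(item["iv"])
  json = cipher.update(Base64.decode64(item["encrypted_data"])) + cipher.final
  JSON.parse(json.force_encoding("UTF-8"))["json_wrapper"]
end

# True when two encryptions of the same data and key give the same ciphertext.
def repeats?(data, passphrase, iv_b64 = nil)
  a = v1_encrypt(data, passphrase, iv_b64)
  b = v1_encrypt(data, passphrase, iv_b64)
  a["encrypted_data"] == b["encrypted_data"]
end

if __FILE__ == $PROGRAM_NAME
  fixed_iv = Base64.encode64("0123456789abcdef") # constructed 16-byte test IV
  item = v1_encrypt({ "password" => "constructed-sample" }, "constructed passphrase")
  puts v1_decrypt(item, "constructed passphrase").inspect
  puts "random IV repeats: #{repeats?(42, 'k')}, fixed IV repeats: #{repeats?(42, 'k', fixed_iv)}"
end
```

The item carries no MAC or authentication tag, so v1_decrypt can only detect tampering indirectly, through a padding or JSON parse failure.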