class Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor

Public Class Methods

encryptor_keys() click to toggle source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 157
def self.encryptor_keys
  super + %w{ hmac }
end

Public Instance Methods

for_encrypted_item() click to toggle source

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 138
def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "hmac" => hmac,
    "iv" => Base64.encode64(iv),
    "version" => 2,
    "cipher" => algorithm,
  }
end
hmac() click to toggle source

Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 149
def hmac
  @hmac ||= begin
    digest = OpenSSL::Digest.new("sha256")
    raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
    Base64.encode64(raw_hmac)
  end
end