module AttrVault::Encryption

Internal: Encapsulates encryption and signing primitives

Constants

AES_BLOCK_SIZE

Public Class Methods

decrypt(key:, ciphertext:, iv:) click to toggle source

Internal: Decrypts the provided ciphertext using a AES-128-CBC cipher with a

the provided IV and encryption key

Arguments:

  • ciphertext - encrypted message

  • key - encryption key used to encrypt the message

  • iv - initialization vector used in the ciphertext's cipher

Examples

ciphertext, iv = AttrVault::Encryption.encrypt(
  message: 'this is a secret', key: encryption_key
)

Returns a two-element array containing the ciphertext and the random IV

# File lib/attr_vault/encryption.rb, line 51
def self.decrypt(key:, ciphertext:, iv:)
  decipher = OpenSSL::Cipher.new('AES-128-CBC')
  decipher.decrypt
  decipher.iv  = iv
  decipher.key = key
  decipher.update(ciphertext) + decipher.final
end
encrypt(key:, message:, iv: nil) click to toggle source

Internal: Encrypts the provided message using a AES-128-CBC cipher with a

random IV and the provided encryption key

Arguments:

  • message - the message to encrypt

  • key - the encryption key

  • iv - override for the random IV, only used for testing

Examples

ciphertext, iv = AttrVault::Encryption.encrypt(
  message: 'this is a secret', key: encryption_key
)

Returns a two-element array containing the ciphertext and the random IV

# File lib/attr_vault/encryption.rb, line 26
def self.encrypt(key:, message:, iv: nil)
  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.encrypt
  iv ||= cipher.random_iv
  cipher.iv  = iv
  cipher.key = key
  [cipher.update(message) + cipher.final, iv]
end
hmac_digest(key, bytes) click to toggle source

Internal: Creates an HMAC signature (sha256 hashing) of the given bytes

with the provided signing key

key - the signing key bytes - blob of bytes to sign

Returns the HMAC signature as a string

# File lib/attr_vault/encryption.rb, line 66
def self.hmac_digest(key, bytes)
  OpenSSL::HMAC.digest('sha256', key, bytes)
end