module YamlRecrypt::Gpg

Public Class Methods

decrypt(ciphertext, gpg_home) click to toggle source
# File lib/yaml_recrypt/gpg.rb, line 21
def self.decrypt(ciphertext, gpg_home)
  gnupghome = gpg_home

  GPGME::Engine.home_dir = gnupghome

  ctx = GPGME::Ctx.new
  # Example of how to add support for asking the passphrase
  #  if hiera?
  #   GPGME::Ctx.new
  # else
  #   GPGME::Ctx.new(:passphrase_callback => method(:passfunc))
  # end

  if !ctx.keys.empty?
    raw = GPGME::Data.new(ciphertext)
    txt = GPGME::Data.new

    begin
      txt = ctx.decrypt(raw)
    rescue GPGME::Error::DecryptFailed => e
      warn("Fatal: Failed to decrypt ciphertext (check settings and that you are a recipient)")
      raise e
    rescue Exception => e
      warn("Warning: General exception decrypting GPG file")
      raise e
    end

    txt.seek 0
    txt.read
  else
    raise "No usable keys found in #{gpg_home}.  Things to check: permissions, "\
    "correct paths, file integrity, trying to use an older gpg to read files "\
    "from a newer one (export first).  Some verions of gpg insist on having the "\
    "--gpg-home directory as ~/.gnupg so please try moving your directory of gpg "\
    "stuff to that location"
  end
end
gnupghome() click to toggle source
# File lib/yaml_recrypt/gpg.rb, line 5
def self.gnupghome
gnupghome = self.option :gnupghome
debug("GNUPGHOME is #{gnupghome}")
  if gnupghome.nil? || gnupghome.empty?
    warn("No GPG home directory configured, check gpg_gnupghome configuration value is correct")
    raise ArgumentError, "No GPG home directory configured, check gpg_gnupghome configuration value is correct"
  elsif !File.directory?(gnupghome)
    warn("Configured GPG home directory #{gnupghome} doesn't exist, check gpg_gnupghome configuration value is correct")
    raise ArgumentError, "Configured GPG home directory #{gnupghome} doesn't exist, check gpg_gnupghome configuration value is correct"
  else
    gnupghome
  end
end