class Portunus::DataKeyGenerator

Attributes

encrypted_object[R]
encrypter[R]
key_finder[R]

Public Class Methods

generate(encrypted_object) click to toggle source
# File lib/portunus/data_key_generator.rb, line 3
def self.generate(encrypted_object)
  new(encrypted_object: encrypted_object).generate
end
new( encrypted_object:, encrypter: ::Portunus.configuration.encrypter, key_finder: Portunus.configuration.storage_adaptor ) click to toggle source
# File lib/portunus/data_key_generator.rb, line 7
def initialize(
  encrypted_object:,
  encrypter: ::Portunus.configuration.encrypter,
  key_finder: Portunus.configuration.storage_adaptor
)
  @encrypter = encrypter
  @key_finder = key_finder
  @encrypted_object = encrypted_object
end

Public Instance Methods

generate() click to toggle source
# File lib/portunus/data_key_generator.rb, line 17
def generate
  dek = encrypted_object.build_data_encryption_key(
    encrypted_key: new_encrypted_key,
    master_keyname: master_keyname
  )

  if dek.key != new_plaintext_key
    raise ::Portunus::Error.new(
      "Dek Key creation failed: Decrypted key does not match the original"
    )
  end

  dek
end

Private Instance Methods

master_encryption_key() click to toggle source
# File lib/portunus/data_key_generator.rb, line 51
def master_encryption_key
  @_master_encryption_key = key_finder.lookup(master_keyname)
end
master_keyname() click to toggle source
# File lib/portunus/data_key_generator.rb, line 47
def master_keyname
  @_master_keyname ||= key_finder.list.sample
end
new_encrypted_key() click to toggle source
# File lib/portunus/data_key_generator.rb, line 36
def new_encrypted_key
  @_new_encrypted_key ||= encrypter.encrypt(
    key: master_encryption_key.value, value: new_plaintext_key
  )
end
new_plaintext_key() click to toggle source
# File lib/portunus/data_key_generator.rb, line 42
def new_plaintext_key
  # this will be a base64 encoded key
  @_new_key ||= encrypter.generate_key
end