class Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor

Public Class Methods

encryptor_keys()
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 218
# Key names for a version 3 item: whatever the parent encryptor lists, plus
# "auth_tag". The extra name matches the additional "auth_tag" field that
# #for_encrypted_item writes for this version.
def self.encryptor_keys
  inherited_keys = super
  inherited_keys + %w{ auth_tag }
end
new(plaintext_data, key, iv = nil)
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 165
# Builds a version 3 encryptor. Argument handling is left to the parent
# class; this override only adds the AEAD precondition check and the initial
# "no tag yet" state.
def initialize(plaintext_data, key, iv = nil)
  # Bare `super` forwards plaintext_data, key and iv unchanged to the parent.
  super
  # NOTE(review): by its name this verifies that the runtime can do AEAD with
  # `algorithm` and aborts construction otherwise - confirm against the
  # helper, which is defined outside this listing.
  assert_aead_requirements_met!(algorithm)
  # No tag exists until #encrypted_data has run; #auth_tag raises while this
  # is still nil.
  @auth_tag = nil
end

Public Instance Methods

algorithm()

Returns the used encryption algorithm

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 184
# Cipher name used by this encryptor; #for_encrypted_item writes the same
# value into the item's "cipher" field.
# NOTE(review): AEAD_ALGORITHM is defined outside this listing. The error text
# in #auth_tag suggests a GCM mode - confirm against the constant.
def algorithm
  AEAD_ALGORITHM
end
auth_tag()

Returns the auth_tag. Raises EncryptionFailure if the tag is read before the data has been encrypted, because the tag is only generated by the encryption step.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 190
# Returns the authentication tag captured during encryption.
#
# The tag is copied from OpenSSL::Cipher#auth_tag by #encrypted_data, so it
# only exists once the data has been encrypted. Reading it earlier raises
# EncryptionFailure, which surfaces a call-order bug instead of handing nil
# back to the caller.
def auth_tag
  return @auth_tag unless @auth_tag.nil?

  raise EncryptionFailure, "Internal Error: GCM authentication tag read before encryption"
end
encrypted_data()

Encrypts, Base64 encodes serialized_data and gets the authentication tag

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 210
# Returns the parent's encrypted payload (Base64, per the page's description)
# and, as a side effect of the first call, stores the authentication tag in
# @auth_tag. The result is memoized, so the tag is captured once.
def encrypted_data
  return @encrypted_data if @encrypted_data

  ciphertext_b64 = super
  # Order matters: the tag can only be read after the parent implementation
  # has encrypted the data with this same cipher object.
  @auth_tag = openssl_encryptor.auth_tag
  @encrypted_data = ciphertext_b64
end
for_encrypted_item()

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 173
# Builds the hash stored as the value of an encrypted data bag item:
# ciphertext, IV, authentication tag, format version and cipher name.
#
# The IV and tag are encoded with Base64.encode64, which appends a trailing
# newline (and wraps long output), so consumers should decode rather than
# compare the encoded strings byte-for-byte.
def for_encrypted_item
  # encrypted_data must be evaluated first: it is what populates the tag,
  # and #auth_tag raises if it is read before encryption has happened.
  ciphertext_b64 = encrypted_data
  iv_b64 = Base64.encode64(iv)
  tag_b64 = Base64.encode64(auth_tag)

  {
    "encrypted_data" => ciphertext_b64,
    "iv" => iv_b64,
    "auth_tag" => tag_b64,
    "version" => 3,
    "cipher" => algorithm,
  }
end
openssl_encryptor()

Generates (and memoizes) an OpenSSL::Cipher object and configures it for the specified iv and encryption key using AEAD

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 201
# Returns the memoized cipher object from the parent class, additionally
# configured with (empty) additional authenticated data for AEAD use.
def openssl_encryptor
  return @openssl_encryptor if @openssl_encryptor

  # The parent is expected to have set key and IV already; OpenSSL requires
  # auth_data to be assigned after those and before any data is processed.
  cipher = super
  # Empty AAD: nothing besides the ciphertext is bound to the tag here, so the
  # "version" and "cipher" fields written by #for_encrypted_item are not
  # passed to the cipher as authenticated data.
  # NOTE(review): the decrypting side must supply the same empty auth_data for
  # tag verification to succeed - confirm against the decryptor.
  cipher.auth_data = ""
  @openssl_encryptor = cipher
end