class Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor

Attributes

encrypted_data[R]
key[R]

Public Class Methods

new(encrypted_data, key) click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 76
def initialize(encrypted_data, key)
  @encrypted_data = encrypted_data
  @key = key
end

Public Instance Methods

algorithm() click to toggle source

Returns the used decryption algorithm

# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 82
def algorithm
  ALGORITHM
end
decrypted_data() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 90
def decrypted_data
  @decrypted_data ||= begin
    plaintext = openssl_decryptor.update(encrypted_bytes)
    plaintext << openssl_decryptor.final
  rescue OpenSSL::Cipher::CipherError => e
    # if the key length is less than 255 characters, and it contains slashes, we think it may be a path.
    raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{(@key.length < 255 && @key.include?('/')) ? 'You may need to use --secret-file rather than --secret.' : ''}"
  end
end
encrypted_bytes() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 100
def encrypted_bytes
  Base64.decode64(@encrypted_data)
end
for_decrypted_item() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 86
def for_decrypted_item
  YAML.load(decrypted_data)
end
openssl_decryptor() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 104
def openssl_decryptor
  @openssl_decryptor ||= begin
    d = OpenSSL::Cipher.new(algorithm)
    d.decrypt
    d.pkcs5_keyivgen(key)
    d
  end
end