class Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor
Public Class Methods
encryptor_keys()
click to toggle source
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor::encryptor_keys
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 218 def self.encryptor_keys super + %w{ auth_tag } end
new(plaintext_data, key, iv = nil)
click to toggle source
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor::new
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 165 def initialize(plaintext_data, key, iv = nil) super assert_aead_requirements_met!(algorithm) @auth_tag = nil end
Public Instance Methods
algorithm()
click to toggle source
Returns the used encryption algorithm
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 184 def algorithm AEAD_ALGORITHM end
auth_tag()
click to toggle source
Returns a wrapped and encrypted version of plaintext_data
suitable for Returns the auth_tag.
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 190 def auth_tag # Generated auth_tag comes from OpenSSL::Cipher#auth_tag # This must be generated after the data is encrypted if @auth_tag.nil? raise EncryptionFailure, "Internal Error: GCM authentication tag read before encryption" end @auth_tag end
encrypted_data()
click to toggle source
Encrypts, Base64 encodes serialized_data
and gets the authentication tag
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#encrypted_data
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 210 def encrypted_data @encrypted_data ||= begin enc_data_b64 = super @auth_tag = openssl_encryptor.auth_tag enc_data_b64 end end
for_encrypted_item()
click to toggle source
Returns a wrapped and encrypted version of plaintext_data
suitable for using as the value in an encrypted data bag item.
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 173 def for_encrypted_item { "encrypted_data" => encrypted_data, "iv" => Base64.encode64(iv), "auth_tag" => Base64.encode64(auth_tag), "version" => 3, "cipher" => algorithm, } end
openssl_encryptor()
click to toggle source
Generates (and memoizes) an OpenSSL::Cipher object and configures it for the specified iv and encryption key using AEAD
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#openssl_encryptor
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 201 def openssl_encryptor @openssl_encryptor ||= begin encryptor = super encryptor.auth_data = "" encryptor end end