Parent

Files

Class/Module Index [+]

Quicksearch

Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor

Attributes

key[R]
plaintext_data[R]

Public Class Methods

new(plaintext_data, key, iv=nil) click to toggle source

Create a new Encryptor for data, which will be encrypted with the given key.

Arguments:

  • data: An object of any type that can be serialized to json

  • key: A String representing the desired passphrase

  • iv: The optional iv parameter is intended for testing use only. When

not supplied, Encryptor will use OpenSSL to generate a secure random IV, which is what you want.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 62
def initialize(plaintext_data, key, iv=nil)
  @plaintext_data = plaintext_data
  @key = key
  @iv = iv && Base64.decode64(iv)
end

Public Instance Methods

encrypted_data() click to toggle source

Encrypts and Base64 encodes serialized_data

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 101
def encrypted_data
  @encrypted_data ||= begin
    enc_data = openssl_encryptor.update(serialized_data)
    enc_data << openssl_encryptor.final
    Base64.encode64(enc_data)
  end
end
for_encrypted_item() click to toggle source

Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 70
def for_encrypted_item
  {
    "encrypted_data" => encrypted_data,
    "iv" => Base64.encode64(iv),
    "version" => 1,
    "cipher" => ALGORITHM
  }
end
iv() click to toggle source

Generates or returns the IV.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 80
def iv
  # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
  # This gets generated when +openssl_encryptor+ gets created.
  openssl_encryptor if @iv.nil?
  @iv
end
openssl_encryptor() click to toggle source

Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 89
def openssl_encryptor
  @openssl_encryptor ||= begin
    encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
    encryptor.encrypt
    @iv ||= encryptor.random_iv
    encryptor.iv = @iv
    encryptor.key = Digest::SHA256.digest(key)
    encryptor
  end
end
serialized_data() click to toggle source

Wraps the data in a single key Hash (JSON Object) and converts to JSON. The wrapper is required because we accept values (such as Integers or Strings) that do not produce valid JSON when serialized without the wrapper.

# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 113
def serialized_data
  FFI_Yajl::Encoder.encode(:json_wrapper => plaintext_data)
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.