class CredStash::CipherKey
Constants
- DEFAULT_KMS_KEY_ID
Attributes
data_key[R]
hmac_key[R]
wrapped_key[R]
Public Class Methods
decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 22 def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {}) res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context) new( data_key: res.plaintext[0...32], hmac_key: res.plaintext[32..-1], wrapped_key: wrapped_key ) end
generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {})
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 8 def self.generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {}) res = client.generate_data_key( key_id: kms_key_id || DEFAULT_KMS_KEY_ID, number_of_bytes: 64, encryption_context: context ) new( data_key: res.plaintext[0...32], hmac_key: res.plaintext[32..-1], wrapped_key: res.ciphertext_blob ) end
new(data_key:, hmac_key:, wrapped_key:)
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 31 def initialize(data_key:, hmac_key:, wrapped_key:) @data_key = data_key @hmac_key = hmac_key @wrapped_key = wrapped_key end
Public Instance Methods
decrypt(message)
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 45 def decrypt(message) CredStash::Cipher.new(data_key).decrypt(message) end
encrypt(message)
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 41 def encrypt(message) CredStash::Cipher.new(data_key).encrypt(message) end
hmac(message)
click to toggle source
# File lib/cred_stash/cipher_key.rb, line 37 def hmac(message) OpenSSL::HMAC.hexdigest("SHA256", hmac_key, message) end