class CredStash::CipherKey

Constants

DEFAULT_KMS_KEY_ID

Attributes

data_key[R]
hmac_key[R]
wrapped_key[R]

Public Class Methods

decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
# File lib/cred_stash/cipher_key.rb, line 22
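# Unwraps stored key material through KMS and builds a CipherKey from it.
#
# The first 32 bytes of the KMS plaintext become the cipher key (data_key)
# and every byte after that becomes the HMAC key.
#
# @param wrapped_key [String] ciphertext blob handed to KMS for decryption
# @param client [#decrypt] KMS client; a fresh Aws::KMS::Client is built
#   only when none is supplied
# @param context [Hash] forwarded to KMS as encryption_context; with the
#   default {} no context is supplied
# @return [CredStash::CipherKey] key object carrying both sub-keys and the
#   original wrapped blob
# @raise [ArgumentError] if KMS returns fewer than 64 bytes of key material
def self.decrypt(wrapped_key, client: Aws::KMS::Client.new, context: {})
  res = client.decrypt(ciphertext_blob: wrapped_key, encryption_context: context)
  material = res.plaintext

  # Fail closed: slicing a short plaintext would silently yield an empty,
  # nil or truncated HMAC key, and an integrity tag computed with such a key
  # protects nothing. The message deliberately omits the key material.
  unless material && material.bytesize >= 64
    raise ArgumentError, "unwrapped key material is shorter than 64 bytes"
  end

  # byteslice keeps the split at byte offsets whatever the string's encoding.
  new(
    data_key: material.byteslice(0, 32),
    hmac_key: material.byteslice(32, material.bytesize - 32),
    wrapped_key: wrapped_key
  )
end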
generate(client: Aws::KMS::Client.new, kms_key_id: nil, context: {})
# File lib/cred_stash/cipher_key.rb, line 8
# Requests 64 bytes of fresh key material from KMS and wraps them in a
# CipherKey.
#
# The plaintext is split into a 32-byte cipher key followed by the HMAC key.
# The KMS ciphertext blob is kept as wrapped_key.
#
# @param client [#generate_data_key] KMS client; a fresh Aws::KMS::Client is
#   built only when none is supplied
# @param kms_key_id [String, nil] KMS key to generate under; falls back to
#   DEFAULT_KMS_KEY_ID when nil
# @param context [Hash] forwarded to KMS as encryption_context; with the
#   default {} no context is supplied
# @return [CredStash::CipherKey]
def self.generate(client: Aws::KMS::Client.new, kms_key_id: nil,
                  context: {})
  request = {
    key_id: kms_key_id || DEFAULT_KMS_KEY_ID,
    number_of_bytes: 64,
    encryption_context: context
  }
  response = client.generate_data_key(**request)
  material = response.plaintext

  # NOTE(review): the plaintext halves stay in this object for its lifetime;
  # presumably only wrapped_key is meant to be persisted. Confirm with callers.
  cipher_half = material[0...32]
  mac_half = material[32..-1]
  new(data_key: cipher_half, hmac_key: mac_half, wrapped_key: response.ciphertext_blob)
end
new(data_key:, hmac_key:, wrapped_key:)
# File lib/cred_stash/cipher_key.rb, line 31
# Stores the two plaintext sub-keys and the wrapped blob they came from.
# Nothing is validated or copied here; the values are kept as given.
#
# @param data_key [String] key handed to CredStash::Cipher by encrypt/decrypt
# @param hmac_key [String] key used by #hmac
# @param wrapped_key [String] wrapped form of the key material
def initialize(data_key:, hmac_key:, wrapped_key:)
  @data_key, @hmac_key, @wrapped_key = data_key, hmac_key, wrapped_key
end

Public Instance Methods

decrypt(message)
# File lib/cred_stash/cipher_key.rb, line 45
# Decrypts +message+ with a CredStash::Cipher keyed by data_key.
#
# NOTE(review): this method performs no HMAC check itself; presumably callers
# verify #hmac over the ciphertext before decrypting. Confirm against callers
# and CredStash::Cipher.
#
# @param message [String] ciphertext passed to CredStash::Cipher#decrypt
# @return whatever CredStash::Cipher#decrypt returns
def decrypt(message)
  cipher = CredStash::Cipher.new(data_key)
  cipher.decrypt(message)
end
encrypt(message)
# File lib/cred_stash/cipher_key.rb, line 41
# Encrypts +message+ with a CredStash::Cipher keyed by data_key.
#
# Only encryption happens here; an integrity tag over the result has to be
# computed separately with #hmac.
#
# @param message [String] plaintext passed to CredStash::Cipher#encrypt
# @return whatever CredStash::Cipher#encrypt returns
def encrypt(message)
  cipher = CredStash::Cipher.new(data_key)
  cipher.encrypt(message)
end
hmac(message)
# File lib/cred_stash/cipher_key.rb, line 37
# Computes the HMAC-SHA256 of +message+ under hmac_key.
#
# NOTE(review): callers that compare this value with a stored digest should
# use a constant-time comparison (e.g. OpenSSL.secure_compare) rather than ==.
#
# @param message [String] data to authenticate
# @return [String] lowercase hex digest
def hmac(message)
  sha256 = OpenSSL::Digest.new("SHA256")
  OpenSSL::HMAC.hexdigest(sha256, hmac_key, message)
end