class Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor
Public Class Methods
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 219
# Key names for a version 3 item: whatever the superclass lists, plus
# "auth_tag", the field this class adds to the hash in for_encrypted_item.
def self.encryptor_keys
  inherited_keys = super
  inherited_keys + ["auth_tag"]
end
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor::encryptor_keys
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 165
# Builds a version 3 encryptor. All three arguments are handed to the
# Version1Encryptor constructor unchanged; iv defaults to nil.
def initialize(plaintext_data, key, iv = nil)
  super(plaintext_data, key, iv)
  # Check the AEAD prerequisites at construction time rather than at the
  # first encryption. assert_aead_requirements_met! is defined outside this
  # listing; presumably it raises when AEAD is unavailable (confirm there).
  assert_aead_requirements_met!(algorithm)
  # No tag exists until encrypted_data has run; auth_tag raises while nil.
  @auth_tag = nil
end
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor::new
Public Instance Methods
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 184
# Cipher name used by this encryptor: always the AEAD_ALGORITHM constant.
# The same value is written to the "cipher" field by for_encrypted_item
# and passed to assert_aead_requirements_met! in the constructor.
def algorithm
  AEAD_ALGORITHM
end
Returns the used encryption algorithm
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 190
# Returns the authentication tag captured by encrypted_data.
# Raises EncryptionFailure when no tag has been captured yet.
def auth_tag
  # The tag is read from OpenSSL::Cipher#auth_tag and only exists once the
  # data has been encrypted, so a nil here means the caller asked too early.
  # Failing loudly keeps an item from being emitted without a real tag.
  raise EncryptionFailure, "Internal Error: GCM authentication tag read before encryption" if @auth_tag.nil?

  @auth_tag
end
Returns the auth_tag generated during encryption.
Raises EncryptionFailure if it is read before the data has been encrypted.
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 211
# Returns the Base64-encoded ciphertext produced by the superclass and, as
# a side effect of the first call, stores the cipher's authentication tag
# in @auth_tag. The result is memoized in @encrypted_data.
def encrypted_data
  return @encrypted_data if @encrypted_data

  ciphertext_b64 = super
  # Read the tag only after super has run the encryption: the cipher has no
  # tag to hand out before that point.
  @auth_tag = openssl_encryptor.auth_tag
  @encrypted_data = ciphertext_b64
end
Encrypts and Base64-encodes serialized_data,
then reads the authentication tag from the cipher
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#encrypted_data
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 173
# Returns the hash stored as the value of an encrypted data bag item:
# ciphertext, Base64-encoded IV and authentication tag, the format version
# (3) and the cipher name.
def for_encrypted_item
  # encrypted_data must be evaluated before auth_tag: the tag is captured
  # while encrypting, and auth_tag raises EncryptionFailure if read earlier.
  ciphertext = encrypted_data
  iv_b64 = Base64.encode64(iv)
  tag_b64 = Base64.encode64(auth_tag)

  {
    "encrypted_data" => ciphertext,
    "iv" => iv_b64,
    "auth_tag" => tag_b64,
    "version" => 3,
    "cipher" => algorithm,
  }
end
Returns a wrapped and encrypted version of plaintext_data
suitable for using as the value in an encrypted data bag item.
Source
# File lib/chef/encrypted_data_bag_item/encryptor.rb, line 202
# Returns the memoized cipher object built by the superclass, with its
# additional authenticated data (AAD) set to the empty string.
def openssl_encryptor
  # NOTE(review): the AAD is empty, so only the ciphertext is covered by the
  # tag; other fields of the item hash ("version", "cipher") are not bound
  # into it. Key and IV setup happens in the superclass, outside this listing.
  @openssl_encryptor ||= super.tap { |cipher| cipher.auth_data = "" }
end
Generates (and memoizes) an OpenSSL::Cipher object and configures it for the specified iv and encryption key using AEAD
Calls superclass method
Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#openssl_encryptor