class Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
Attributes
Public Class Methods
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 121
#
# Stores the two inputs every other method of this decryptor reads.
#
# encrypted_data - hash-like object; the methods on this page read its
#                  "encrypted_data", "iv" and "cipher" entries.
# key            - the shared secret. It is kept as given; hashing into a
#                  cipher key happens later, in openssl_decryptor.
#
# Nothing is validated or decrypted at construction time.
def initialize(encrypted_data, key)
  @encrypted_data, @key = encrypted_data, key
end
Public Instance Methods
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 143
#
# Decrypts the stored ciphertext and returns the plaintext string. The result
# is memoized in @decrypted_data, so the cipher runs at most once per instance.
#
# Raises DecryptionFailure when OpenSSL reports a CipherError. The message
# carries OpenSSL's own error text and a usage hint, never the key itself:
# only the key's length and whether it contains "/" are inspected.
#
# NOTE(review): none of the methods shown for this class checks a MAC or
# authentication tag, so a CipherError from `final` is the only signal raised
# here for a wrong key or altered ciphertext. Its absence does not prove the
# plaintext is authentic; for_decrypted_item adds a JSON-parse check on top.
def decrypted_data
  return @decrypted_data if @decrypted_data

  @decrypted_data =
    begin
      cipher = openssl_decryptor
      buffer = cipher.update(encrypted_bytes)
      buffer << cipher.final
    rescue OpenSSL::Cipher::CipherError => e
      # A short key containing slashes looks like a file path, which suggests
      # the secret file's path was supplied where the secret itself belongs.
      raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{( @key.length < 255 && @key.include?("/")) ? "You may need to use --secret-file rather than --secret." : ""}"
    end
end
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 135
#
# Returns the raw ciphertext: the Base64-decoded "encrypted_data" entry of
# the item.
#
# Base64.decode64 is the lenient decoder: it does not raise on malformed
# input, so a corrupted value is not rejected here and only shows up later
# as a decryption or JSON-parse failure.
def encrypted_bytes
  encoded_ciphertext = @encrypted_data["encrypted_data"]
  Base64.decode64(encoded_ciphertext)
end
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 126
#
# Returns the decrypted value: the plaintext is parsed as JSON and the
# content of its "json_wrapper" entry is handed back.
#
# Raises DecryptionFailure when the plaintext is not valid JSON.
#
# NOTE(review): a successful JSON parse is a plausibility check, not an
# integrity check. No MAC or authentication tag is verified in the methods
# shown for this class, so the returned value should be treated as
# unauthenticated if the stored item could have been modified.
def for_decrypted_item
  begin
    parsed = Chef::JSONCompat.parse(decrypted_data)
    parsed["json_wrapper"]
  rescue Chef::Exceptions::JSON::ParseError
    # Reported as a DecryptionFailure because the most likely cause is a
    # decryption that did not raise but produced garbage instead of JSON.
    raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
  end
end
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 139
#
# Returns the initialization vector: the Base64-decoded "iv" entry of the
# item.
#
# The IV comes from the stored item, next to the ciphertext. Decoding is
# lenient and no length check is done here; whatever bytes result are passed
# to the cipher in openssl_decryptor.
def iv
  encoded_iv = @encrypted_data["iv"]
  Base64.decode64(encoded_iv)
end
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 154
#
# Builds, configures and memoizes the OpenSSL cipher used for decryption.
#
# The item's declared "cipher" is passed to assert_valid_cipher! together
# with `algorithm` before any cipher object is created. Both are defined
# outside this listing; presumably the call rejects an item whose declared
# cipher does not match. Confirm against the definition.
#
# NOTE(review): the cipher key is a single SHA-256 digest of the secret, with
# no salt and no key stretching. The protection therefore rests entirely on
# the entropy of the secret, so it should be a long random value rather than
# a human-chosen passphrase.
def openssl_decryptor
  @openssl_decryptor ||= begin
    assert_valid_cipher!(@encrypted_data["cipher"], algorithm)
    OpenSSL::Cipher.new(algorithm).tap do |cipher|
      cipher.decrypt
      # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
      cipher.key = OpenSSL::Digest.digest("SHA256", key)
      cipher.iv = iv
    end
  end
end