Implementation class for converting plaintext data bag item values to an encrypted value, including any necessary wrappers and metadata.
Create a new Encryptor for data, which will be encrypted with the given key.
data: An object of any type that can be serialized to json
key: A String representing the desired passphrase
iv: The optional iv parameter is intended for testing use only. When not supplied, Encryptor will use OpenSSL to generate a secure random IV, which is what you want.
    # File lib/chef/encrypted_data_bag_item.rb, line 79
    def initialize(plaintext_data, key, iv=nil)
      @plaintext_data = plaintext_data
      @key = key
      @iv = iv && Base64.decode64(iv)
    end
Encrypts and Base64 encodes serialized_data
    # File lib/chef/encrypted_data_bag_item.rb, line 118
    def encrypted_data
      @encrypted_data ||= begin
        enc_data = openssl_encryptor.update(serialized_data)
        enc_data << openssl_encryptor.final
        Base64.encode64(enc_data)
      end
    end
Returns a wrapped and encrypted version of plaintext_data suitable for using as the value in an encrypted data bag item.
    # File lib/chef/encrypted_data_bag_item.rb, line 87
    def for_encrypted_item
      {
        "encrypted_data" => encrypted_data,
        "iv" => Base64.encode64(iv),
        "version" => 1,
        "cipher" => ALGORITHM
      }
    end
Generates or returns the IV.
    # File lib/chef/encrypted_data_bag_item.rb, line 97
    def iv
      # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
      # This gets generated when +openssl_encryptor+ gets created.
      openssl_encryptor if @iv.nil?
      @iv
    end
Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures it for the specified iv and encryption key.
    # File lib/chef/encrypted_data_bag_item.rb, line 106
    def openssl_encryptor
      @openssl_encryptor ||= begin
        encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
        encryptor.encrypt
        @iv ||= encryptor.random_iv
        encryptor.iv = @iv
        encryptor.key = Digest::SHA256.digest(key)
        encryptor
      end
    end
Wraps the data in a single key Hash (JSON Object) and converts to JSON. The wrapper is required because we accept values (such as Integers or Strings) that do not produce valid JSON when serialized without the wrapper.
    # File lib/chef/encrypted_data_bag_item.rb, line 130
    def serialized_data
      Yajl::Encoder.encode(:json_wrapper => plaintext_data)
    end
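The wrapper format described above, as an added round-trip example that is not Chef's own code: it rebuilds a version 1 item, decrypts it again, and shows why a caller-supplied iv is for testing only (with a fixed IV, equal plaintexts produce equal ciphertexts). Assumptions: ALGORITHM is aes-256-cbc, the standard json library stands in for Yajl, OpenSSL::Cipher.new replaces the older OpenSSL::Cipher::Cipher name, and the helper names b64, unb64, encrypt_value, decrypt_value and same_ciphertext? are hypothetical.

```ruby
require 'openssl'
require 'json'

ALGORITHM = 'aes-256-cbc' # assumed value of Chef's ALGORITHM constant

# Base64 via pack/unpack; same output as Base64.encode64 / decode64.
def b64(bin)
  [bin].pack('m')
end

def unb64(str)
  str.unpack1('m')
end

# Mirrors for_encrypted_item: JSON-wrap, encrypt, Base64 encode.
# iv_b64 is the test-only fixed IV (Base64); nil means a random IV.
def encrypt_value(plaintext_data, passphrase, iv_b64 = nil)
  cipher = OpenSSL::Cipher.new(ALGORITHM)
  cipher.encrypt
  iv = iv_b64 ? unb64(iv_b64) : cipher.random_iv
  cipher.iv = iv
  cipher.key = OpenSSL::Digest::SHA256.digest(passphrase)
  json = JSON.generate({ 'json_wrapper' => plaintext_data })
  { 'encrypted_data' => b64(cipher.update(json) + cipher.final),
    'iv' => b64(iv), 'version' => 1, 'cipher' => ALGORITHM }
end

# Reverses the steps: check metadata, decode, decrypt, unwrap json_wrapper.
def decrypt_value(item, passphrase)
  unless item['version'] == 1 && item['cipher'] == ALGORITHM
    raise ArgumentError, 'unsupported item format'
  end
  cipher = OpenSSL::Cipher.new(ALGORITHM)
  cipher.decrypt
  cipher.iv = unb64(item['iv'])
  cipher.key = OpenSSL::Digest::SHA256.digest(passphrase)
  json = cipher.update(unb64(item['encrypted_data'])) + cipher.final
  JSON.parse(json)['json_wrapper']
end

# Encrypts the same constructed value twice and compares the ciphertexts.
def same_ciphertext?(iv_b64)
  a = encrypt_value('hunter2', 'constructed passphrase', iv_b64)
  b = encrypt_value('hunter2', 'constructed passphrase', iv_b64)
  a['encrypted_data'] == b['encrypted_data']
end

item = encrypt_value(42, 'constructed passphrase')
puts decrypt_value(item, 'constructed passphrase')
puts same_ciphertext?(nil)              # random IV on each call
puts same_ciphertext?(b64("\x01" * 16)) # constructed fixed IV
```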