class Pbkdf2CryptoRecord

PBKDF2 KeyRecord. Allow safely using passwords, carrying all necessary information to re-derive key later. Allow using only part of the PBKDF2 derived data as a key, so more than one key could be derived from the same password cryptographically safe and independently.

Constants

HASH_CODES

Public Class Methods

new(params = nil, encrypted_key = nil, salt: 'default_salt', rounds: 500000, key_length: 32, offset: 0, length: 32, hint: nil, hash_code: 0) click to toggle source

Construct instance using PBKDF2 parameters or serialization parameters.

Calls superclass method CryptoRecord::new
# File lib/universa_tools/crypto_record.rb, line 78
def initialize(params = nil, encrypted_key = nil, salt: 'default_salt', rounds: 500000, key_length: 32, offset: 0, length: 32, hint: nil, hash_code: 0)
  if params
    @salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code = *params
  else
    @salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code =
        salt.force_encoding('binary'), rounds, key_length, offset, length, hint, hash_code
  end
  @salt_bytes&.freeze
  @hash = HASH_CODES[@hash_code] or raise ArgumentError, "invalid hash code #{hash_code}"
  super 1, encrypted_key
end

Public Instance Methods

decrypt(password) click to toggle source

Decrypt the contained ciphertext deriving a key from a given password

@param [String] password to derive key from @return [Binary] binary string for the decrypted data

# File lib/universa_tools/crypto_record.rb, line 102
def decrypt(password)
  @ciphertext or raise IllegalStateError, "missing ciphertext"
  derive_key(password).eta_decrypt(@ciphertext)
end
encrypt(password, plaintext) click to toggle source

Encrypt plaintext deriving key from a given password @return [Pbkdf2CryptoRecord] self

# File lib/universa_tools/crypto_record.rb, line 92
def encrypt(password, plaintext)
  plaintext = plaintext.force_encoding('binary')
  encrypt_with_key(derive_key(password), plaintext)
  self
end
try_decrypt(password) click to toggle source
# File lib/universa_tools/crypto_record.rb, line 107
def try_decrypt(password)
  decrypt(password)
rescue Farcall::RemoteError
  nil
end

Protected Instance Methods

derive_key(password) click to toggle source
# File lib/universa_tools/crypto_record.rb, line 116
def derive_key(password)
  # UMI bridge does not go well with frozen strings
  @salt_bytes.frozen? and @salt_bytes = @salt_bytes[0..]
  data = Universa::PBKDF2.derive(password, salt: @salt_bytes, rounds: @offset, hash: @hash.clone, length: @key_length)
  Universa::SymmetricKey.new(data[@offset...(@offset + @length)])
end
serialized_params() click to toggle source
# File lib/universa_tools/crypto_record.rb, line 123
def serialized_params
  [@salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code]
end