class Pbkdf2CryptoRecord
PBKDF2 KeyRecord. Allow safely using passwords, carrying all necessary information to re-derive key later. Allow using only part of the PBKDF2 derived data as a key, so more than one key could be derived from the same password cryptographically safe and independently.
Constants
- HASH_CODES
Public Class Methods
new(params = nil, encrypted_key = nil, salt: 'default_salt', rounds: 500000, key_length: 32, offset: 0, length: 32, hint: nil, hash_code: 0)
click to toggle source
Construct instance using PBKDF2 parameters or serialization parameters.
Calls superclass method
CryptoRecord::new
# File lib/universa_tools/crypto_record.rb, line 78 def initialize(params = nil, encrypted_key = nil, salt: 'default_salt', rounds: 500000, key_length: 32, offset: 0, length: 32, hint: nil, hash_code: 0) if params @salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code = *params else @salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code = salt.force_encoding('binary'), rounds, key_length, offset, length, hint, hash_code end @salt_bytes&.freeze @hash = HASH_CODES[@hash_code] or raise ArgumentError, "invalid hash code #{hash_code}" super 1, encrypted_key end
Public Instance Methods
decrypt(password)
click to toggle source
Decrypt the contained ciphertext deriving a key from a given password
@param [String] password to derive key from @return [Binary] binary string for the decrypted data
# File lib/universa_tools/crypto_record.rb, line 102 def decrypt(password) @ciphertext or raise IllegalStateError, "missing ciphertext" derive_key(password).eta_decrypt(@ciphertext) end
encrypt(password, plaintext)
click to toggle source
Encrypt plaintext deriving key from a given password @return [Pbkdf2CryptoRecord] self
# File lib/universa_tools/crypto_record.rb, line 92 def encrypt(password, plaintext) plaintext = plaintext.force_encoding('binary') encrypt_with_key(derive_key(password), plaintext) self end
try_decrypt(password)
click to toggle source
# File lib/universa_tools/crypto_record.rb, line 107 def try_decrypt(password) decrypt(password) rescue Farcall::RemoteError nil end
Protected Instance Methods
derive_key(password)
click to toggle source
# File lib/universa_tools/crypto_record.rb, line 116 def derive_key(password) # UMI bridge does not go well with frozen strings @salt_bytes.frozen? and @salt_bytes = @salt_bytes[0..] data = Universa::PBKDF2.derive(password, salt: @salt_bytes, rounds: @offset, hash: @hash.clone, length: @key_length) Universa::SymmetricKey.new(data[@offset...(@offset + @length)]) end
serialized_params()
click to toggle source
# File lib/universa_tools/crypto_record.rb, line 123 def serialized_params [@salt_bytes, @rounds, @key_length, @offset, @length, @password_hint, @hash_code] end