class Cryptor::SymmetricEncryption::SecretKey
Secret key used to encrypt plaintexts
Attributes
Public Class Methods
Create a new SecretKey
object from a URI
@param [#to_s] uri representing a secret key
@raise [ArgumentError] on invalid URIs
@return [Cryptor::SecretKey] new secret key object
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 39 def initialize(uri_string) uri = URI.parse(uri_string.to_s) fail ArgumentError, "invalid scheme: #{uri.scheme}" unless uri.scheme == 'secret.key' components = uri.path.match(/^\/([^;]+);(.+)$/) fail ArgumentError, "couldn't parse cipher name from secret URI" unless components @cipher = Cryptor::SymmetricEncryption::Cipher[components[1]] @secret_key = Cryptor::Encoding.decode(components[2]) end
Generate a random secret key
@param [Cryptor::Cipher, Symbol] Cryptor::Cipher or algorithm name as a symbol
@return [Cryptor::SecretKey] new secret key object
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 17 def self.random_key(cipher) case cipher when Cryptor::SymmetricEncryption::Cipher # we're good when Symbol cipher = Cryptor::SymmetricEncryption::Cipher[cipher] else fail ArgumentError, "invalid cipher: #{cipher}" end bytes = SecureRandom.random_bytes(cipher.key_bytes) base64 = Cryptor::Encoding.encode(bytes) new "secret.key:///#{cipher.algorithm};#{base64}" end
Public Instance Methods
Decrypt ciphertext using this key
@param [String] ciphertext string to be decrypted
@return [String] plaintext decrypted from the given ciphertext
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 79 def decrypt(ciphertext) @cipher.decrypt(@secret_key, ciphertext) end
Encrypt a plaintext under this key
@param [String] plaintext string to be encrypted
@return [String] ciphertext encrypted under this key
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 70 def encrypt(plaintext) @cipher.encrypt(@secret_key, plaintext) end
Fingerprint of this key’s secret URI
@return [String] fingerprint as a ni:// URL
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 60 def fingerprint digest = Digest::SHA256.digest(to_secret_uri) "ni:///sha-256;#{Cryptor::Encoding.encode(digest)}" end
Inspect this key
@return [String] a string representing this key
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 86 def inspect "#<#{self.class}:0x#{object_id.to_s(16)} " \ "cipher=#{cipher.algorithm} " \ "fingerprint=#{fingerprint}>" end
Serialize SecretKey
object to a URI
@return [String] serialized URI representing the key
# File lib/cryptor/symmetric_encryption/secret_key.rb, line 53 def to_secret_uri "secret.key:///#{@cipher.algorithm};#{Cryptor::Encoding.encode(@secret_key)}" end