class Cryptor::SymmetricEncryption::SecretKey

Secret key used to encrypt plaintexts

Attributes

cipher[R]

Public Class Methods

new(uri_string)

Create a new SecretKey object from a URI

@param [#to_s] uri representing a secret key

@raise [ArgumentError] on invalid URIs

@return [Cryptor::SecretKey] new secret key object

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 39
def initialize(uri_string)
  uri = URI.parse(uri_string.to_s)
  fail ArgumentError, "invalid scheme: #{uri.scheme}" unless uri.scheme == 'secret.key'

  components = uri.path.match(/^\/([^;]+);(.+)$/)
  fail ArgumentError, "couldn't parse cipher name from secret URI" unless components

  @cipher     = Cryptor::SymmetricEncryption::Cipher[components[1]]
  @secret_key = Cryptor::Encoding.decode(components[2])
end

random_key(cipher)

Generate a random secret key

@param [Cryptor::Cipher, Symbol] Cryptor::Cipher or algorithm name as a symbol

@return [Cryptor::SecretKey] new secret key object

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 17
def self.random_key(cipher)
  case cipher
  when Cryptor::SymmetricEncryption::Cipher
    # we're good
  when Symbol
    cipher = Cryptor::SymmetricEncryption::Cipher[cipher]
  else fail ArgumentError, "invalid cipher: #{cipher}"
  end

  bytes  = SecureRandom.random_bytes(cipher.key_bytes)
  base64 = Cryptor::Encoding.encode(bytes)

  new "secret.key:///#{cipher.algorithm};#{base64}"
end

Public Instance Methods

decrypt(ciphertext)

Decrypt ciphertext using this key

@param [String] ciphertext string to be decrypted

@return [String] plaintext decrypted from the given ciphertext

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 79
def decrypt(ciphertext)
  @cipher.decrypt(@secret_key, ciphertext)
end

encrypt(plaintext)

Encrypt a plaintext under this key

@param [String] plaintext string to be encrypted

@return [String] ciphertext encrypted under this key

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 70
def encrypt(plaintext)
  @cipher.encrypt(@secret_key, plaintext)
end

fingerprint()

Fingerprint of this key’s secret URI

@return [String] fingerprint as a ni:// URL

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 60
def fingerprint
  digest = Digest::SHA256.digest(to_secret_uri)
  "ni:///sha-256;#{Cryptor::Encoding.encode(digest)}"
end

inspect()

Inspect this key

@return [String] a string representing this key

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 86
def inspect
  "#<#{self.class}:0x#{object_id.to_s(16)} " \
  "cipher=#{cipher.algorithm} " \
  "fingerprint=#{fingerprint}>"
end

to_secret_uri()

Serialize SecretKey object to a URI

@return [String] serialized URI representing the key

# File lib/cryptor/symmetric_encryption/secret_key.rb, line 53
def to_secret_uri
  "secret.key:///#{@cipher.algorithm};#{Cryptor::Encoding.encode(@secret_key)}"
end
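
The `secret.key` URI format and the `ni://` fingerprint documented above, as an added standalone example that is not Cryptor's own code. It assumes `Cryptor::Encoding` is unpadded URL-safe Base64 and uses a hypothetical one-entry cipher table (`KEY_BYTES`); the helper names are illustrative, and the length and cipher checks go beyond what `initialize` shows.

```ruby
require 'uri'
require 'digest'
require 'securerandom'

# Assumption: Cryptor::Encoding is URL-safe Base64 without padding.
def encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def decode(text)
  padded = text + '=' * ((4 - text.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0') # strict mode: ArgumentError on junk
end

# Assumed cipher table for this example: algorithm name => key size in bytes.
KEY_BYTES = { 'xsalsa20poly1305' => 32 }.freeze

# Parse a secret.key URI the way SecretKey#initialize does, and additionally
# reject unknown ciphers and keys of the wrong length.
def parse_secret_uri(uri_string)
  uri = URI.parse(uri_string.to_s)
  raise ArgumentError, "invalid scheme: #{uri.scheme}" unless uri.scheme == 'secret.key'

  components = uri.path.match(%r{\A/([^;]+);(.+)\z})
  raise ArgumentError, "couldn't parse cipher name from secret URI" unless components

  expected = KEY_BYTES.fetch(components[1]) { raise ArgumentError, "unknown cipher: #{components[1]}" }
  key = decode(components[2])
  raise ArgumentError, "expected #{expected}-byte key, got #{key.bytesize}" unless key.bytesize == expected

  { algorithm: components[1], key: key }
end

def to_secret_uri(parsed)
  "secret.key:///#{parsed[:algorithm]};#{encode(parsed[:key])}"
end

# Same construction as SecretKey#fingerprint: SHA-256 over the whole secret URI.
def fingerprint(parsed)
  "ni:///sha-256;#{encode(Digest::SHA256.digest(to_secret_uri(parsed)))}"
end

# Constructed sample key, generated fresh on each run.
SAMPLE_URI = "secret.key:///xsalsa20poly1305;#{encode(SecureRandom.random_bytes(32))}"
parsed = parse_secret_uri(SAMPLE_URI)
puts fingerprint(parsed) # identifies the key in logs; the URI itself is the secret
```

As in `inspect` above, log and compare the fingerprint only; the output of `to_secret_uri` contains the raw key material.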