class Serket::FieldDecrypter
Used to decrypt a field given a private key, field delimiter, symmetric algorithm, encoding, and format (:json or :delimited)
Attributes
encoding[RW]
field_delimiter[RW]
private_key_filepath[RW]
symmetric_algorithm[RW]
Public Class Methods
new(options = {})
click to toggle source
# File lib/serket/field_decrypter.rb, line 10 def initialize(options = {}) options ||= {} @private_key_filepath = Serket.configuration.private_key_path @field_delimiter = options[:field_delimiter] || Serket.configuration.delimiter @symmetric_algorithm = options[:symmetric_algorithm] || Serket.configuration.symmetric_algorithm @format = options[:format] || Serket.configuration.format @encoding = options[:encoding] || Serket.configuration.encoding end
Public Instance Methods
decrypt(field)
click to toggle source
Decrypt the provided cipher text, and return the plaintext Return nil if whitespace
# File lib/serket/field_decrypter.rb, line 22 def decrypt(field) return if field !~ /\S/ iv, encrypted_aes_key, encrypted_text = parse(field) private_key = OpenSSL::PKey::RSA.new(File.read(private_key_filepath)) decrypted_aes_key = private_key.private_decrypt(Base64.decode64(encrypted_aes_key)) decrypted_field = decrypt_data(iv, decrypted_aes_key, encrypted_text) decrypted_field.force_encoding(encoding) end
field_delimiter=(delimiter)
click to toggle source
What delimiter to use if the format is :delimited.
Allow anything that is not base64.
# File lib/serket/field_decrypter.rb, line 34 def field_delimiter=(delimiter) if delimiter =~ /[A-Za-z0-9\/+]/ raise "This is not a valid delimiter! Must not be a character in Base64." end @field_delimiter = delimiter end
Private Instance Methods
decrypt_data(iv, key, encrypted_text)
click to toggle source
# File lib/serket/field_decrypter.rb, line 43 def decrypt_data(iv, key, encrypted_text) aes = OpenSSL::Cipher.new(symmetric_algorithm) aes.decrypt aes.key = key aes.iv = Base64.decode64(iv) aes.update(Base64.decode64(encrypted_text)) + aes.final end
parse(field)
click to toggle source
Extracts the initialization vector, encrypted key, and cipher text according to the specified format.
delimited:
-
Expected format: iv::encrypted-key::ciphertext
json:
-
Expected keys: iv, key, message
# File lib/serket/field_decrypter.rb, line 59 def parse(field) case @format when :delimited field.split(field_delimiter) when :json parsed = JSON.parse(field) [parsed['iv'], parsed['key'], parsed['message']] end end