module DiasporaFederation::Salmon::EncryptedMagicEnvelope

This is a simple crypt-wrapper for {MagicEnvelope}.

The wrapper is JSON with the following structure:

{
  "aes_key": "...",
  "encrypted_magic_envelope": "..."
}

aes_key is encrypted using the recipients public key, and contains the AES key and iv as JSON:

{
  "key": "...",
  "iv": "..."
}

encrypted_magic_envelope is encrypted using the key and iv from aes_key. Once decrypted it contains the {MagicEnvelope} xml:

<me:env>
  ...
</me:env>

All JSON-values (aes_key, encrypted_magic_envelope, key and iv) are base64 encoded.

Public Class Methods

decrypt(encrypted_env, privkey) click to toggle source

Decrypts the AES key with the private key of the receiver and decrypts the encrypted {MagicEnvelope} with it. @param [String] encrypted_env json string with aes_key and encrypted_magic_envelope @param [OpenSSL::PKey::RSA] privkey private key for decryption @return [Nokogiri::XML::Element] decrypted magic envelope xml

# File lib/diaspora_federation/salmon/encrypted_magic_envelope.rb, line 52
def self.decrypt(encrypted_env, privkey)
  encrypted_json = JSON.parse(encrypted_env)

  encoded_key = JSON.parse(privkey.private_decrypt(Base64.decode64(encrypted_json["aes_key"])))
  key = encoded_key.transform_values {|v| Base64.decode64(v) }

  xml = AES.decrypt(encrypted_json["encrypted_magic_envelope"], key["key"], key["iv"])
  Nokogiri::XML(xml).root
end
encrypt(magic_env, pubkey) click to toggle source

Generates a new random AES key and encrypts the {MagicEnvelope} with it. Then encrypts the AES key with the receivers public key. @param [Nokogiri::XML::Element] magic_env XML root node of a magic envelope @param [OpenSSL::PKey::RSA] pubkey recipient public_key @return [String] json string

# File lib/diaspora_federation/salmon/encrypted_magic_envelope.rb, line 37
def self.encrypt(magic_env, pubkey)
  key = AES.generate_key_and_iv
  encrypted_env = AES.encrypt(magic_env.to_xml, key[:key], key[:iv])

  encoded_key = key.transform_values {|v| Base64.strict_encode64(v) }
  encrypted_key = Base64.strict_encode64(pubkey.public_encrypt(JSON.generate(encoded_key)))

  JSON.generate(aes_key: encrypted_key, encrypted_magic_envelope: encrypted_env)
end