Class: ActiveCipherStorage::Providers::Base
- Inherits:
-
Object
- Object
- ActiveCipherStorage::Providers::Base
- Defined in:
- lib/active_cipher_storage/providers/base.rb
Direct Known Subclasses
Instance Method Summary collapse
-
#decrypt_data_key(encrypted_key) ⇒ Object
Returns the plaintext DEK (32 bytes).
-
#generate_data_key ⇒ Object
Returns { plaintext_key: String (32 bytes), encrypted_key: String }.
-
#key_id ⇒ Object
Stable identifier for the specific key material in use (e.g. CMK ARN, env var name).
-
#provider_id ⇒ Object
Short ASCII string embedded in every encrypted file header.
- #rotate_data_key(encrypted_key) ⇒ Object
-
#wrap_data_key(plaintext_dek) ⇒ Object
Wraps an existing plaintext DEK under this provider’s master key.
Instance Method Details
#decrypt_data_key(encrypted_key) ⇒ Object
Returns the plaintext DEK (32 bytes). Caller must zero it after use.
10 11 12 |
# File 'lib/active_cipher_storage/providers/base.rb', line 10 def decrypt_data_key(encrypted_key) raise NotImplementedError, "#{self.class}#decrypt_data_key is not implemented" end |
#generate_data_key ⇒ Object
Returns { plaintext_key: String (32 bytes), encrypted_key: String }
5 6 7 |
# File 'lib/active_cipher_storage/providers/base.rb', line 5 def generate_data_key raise NotImplementedError, "#{self.class}#generate_data_key is not implemented" end |
#key_id ⇒ Object
Stable identifier for the specific key material in use (e.g. CMK ARN, env var name). Stored in blob metadata for rotation queries. Returns nil for providers where key identity is not meaningful.
28 29 30 |
# File 'lib/active_cipher_storage/providers/base.rb', line 28 def key_id nil end |
#provider_id ⇒ Object
Short ASCII string embedded in every encrypted file header.
21 22 23 |
# File 'lib/active_cipher_storage/providers/base.rb', line 21 def provider_id raise NotImplementedError, "#{self.class}#provider_id is not implemented" end |
#rotate_data_key(encrypted_key) ⇒ Object
32 33 34 35 |
# File 'lib/active_cipher_storage/providers/base.rb', line 32 def rotate_data_key(encrypted_key) raise Errors::UnsupportedOperation, "#{self.class} does not support key rotation" end |
#wrap_data_key(plaintext_dek) ⇒ Object
Wraps an existing plaintext DEK under this provider’s master key. Used during key rotation to re-protect a DEK without re-encrypting the file.
16 17 18 |
# File 'lib/active_cipher_storage/providers/base.rb', line 16 def wrap_data_key(plaintext_dek) raise NotImplementedError, "#{self.class}#wrap_data_key is not implemented" end |