Class: Bard::Backup::Encryptor

Inherits:

Object

• Object
• Bard::Backup::Encryptor

Defined in:

lib/bard/backup/encryptor.rb

Instance Method Summary

• #decrypt(data) ⇒ Object
• #encrypt(data) ⇒ Object
• #initialize(key) ⇒ Encryptor constructor

  A new instance of Encryptor.

Constructor Details

#initialize(key) ⇒ Encryptor

Returns a new instance of Encryptor.

# File 'lib/bard/backup/encryptor.rb', line 6

def initialize(key)
  @encrypt_key = derive_key(key, "encryption")
  @iv_key = derive_key(key, "iv-derivation")
end

Instance Method Details

#decrypt(data) ⇒ Object

# File 'lib/bard/backup/encryptor.rb', line 22

def decrypt(data)
  data = data.b if data.encoding != Encoding::BINARY
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = @encrypt_key
  cipher.iv = data[0, 12]
  cipher.auth_tag = data[12, 16]
  cipher.update(data[28..]) + cipher.final
end

#encrypt(data) ⇒ Object

# File 'lib/bard/backup/encryptor.rb', line 11

def encrypt(data)
  data = data.b if data.encoding != Encoding::BINARY
  iv = OpenSSL::HMAC.digest("SHA256", @iv_key, data)[0, 12]
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = @encrypt_key
  cipher.iv = iv
  ciphertext = cipher.update(data) + cipher.final
  iv + cipher.auth_tag + ciphertext
end