Class: Match::Encryption::EncryptionV2

Inherits:

Object

• Object
• Match::Encryption::EncryptionV2

Defined in:

match/lib/match/encryption/encryption.rb

Overview

The newer encryption mechanism, which features a more secure key and IV generation.

The IV is randomly generated and provided unencrypted. The salt should be randomly generated and provided unencrypted (like in the current implementation). The key is generated with OpenSSL::KDF::pbkdf2_hmac with properly chosen parameters.

Short explanation about salt and IV: stackoverflow.com/a/1950674/6324550

Constant Summary

ALGORITHM =

'aes-256-gcm'

Instance Method Summary

• #decrypt(encrypted_data:, password:, salt:, auth_tag:) ⇒ Object
• #encrypt(data:, password:, salt:) ⇒ Object

Instance Method Details

#decrypt(encrypted_data:, password:, salt:, auth_tag:) ⇒ Object

# File 'match/lib/match/encryption/encryption.rb', line 65

def decrypt(encrypted_data:, password:, salt:, auth_tag:)
  cipher = ::OpenSSL::Cipher.new(ALGORITHM)
  cipher.decrypt

  keyivgen(cipher, password, salt)

  cipher.auth_tag = auth_tag

  data = cipher.update(encrypted_data)
  data << cipher.final
end

#encrypt(data:, password:, salt:) ⇒ Object

# File 'match/lib/match/encryption/encryption.rb', line 51

def encrypt(data:, password:, salt:)
  cipher = ::OpenSSL::Cipher.new(ALGORITHM)
  cipher.encrypt

  keyivgen(cipher, password, salt)

  encrypted_data = cipher.update(data)
  encrypted_data << cipher.final

  auth_tag = cipher.auth_tag

  { encrypted_data: encrypted_data, auth_tag: auth_tag }
end