Class: Privy::Cryptography::HpkeRecipient

Inherits:

Object

• Object
• Privy::Cryptography::HpkeRecipient

Defined in:

lib/privy/cryptography.rb

Instance Attribute Summary

• #public_key_spki ⇒ String readonly

  Raw DER bytes of the SPKI-encoded public key.

Instance Method Summary

• #decrypt(encapsulated_key, ciphertext) ⇒ String

  Decrypts an HPKE-encrypted payload.

• #initialize ⇒ HpkeRecipient constructor

  A new instance of HpkeRecipient.

• #public_key_pkey ⇒ OpenSSL::PKey::PKey private

Constructor Details

#initialize ⇒ HpkeRecipient

Returns a new instance of HpkeRecipient.

# File 'lib/privy/cryptography.rb', line 29

def initialize
  @ec_key = OpenSSL::PKey::EC.generate("prime256v1")
  @public_key_spki = @ec_key.public_to_der
  @hpke = HPKE.new(HPKE::DHKEM_P256_HKDF_SHA256, HPKE::HKDF_SHA256, HPKE::CHACHA20_POLY1305)
end

Instance Attribute Details

#public_key_spki ⇒ String (readonly)

Returns Raw DER bytes of the SPKI-encoded public key.

Returns:

• (String) —

  Raw DER bytes of the SPKI-encoded public key

# File 'lib/privy/cryptography.rb', line 27

def public_key_spki
  @public_key_spki
end

Instance Method Details

#decrypt(encapsulated_key, ciphertext) ⇒ String

Decrypts an HPKE-encrypted payload.

Parameters:

• encapsulated_key (String) —

  Raw bytes of the encapsulated key from the sender

• ciphertext (String) —

  Raw bytes of the ciphertext to decrypt

Returns:

• (String) —

  Decrypted plaintext bytes

# File 'lib/privy/cryptography.rb', line 40

def decrypt(encapsulated_key, ciphertext)
  ctx = @hpke.setup_base_r(encapsulated_key, @ec_key, "")
  ctx.open("", ciphertext)
end

#public_key_pkey ⇒ OpenSSL::PKey::PKey

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (OpenSSL::PKey::PKey)

# File 'lib/privy/cryptography.rb', line 47

def public_key_pkey
  OpenSSL::PKey.read(@public_key_spki)
end