Sha256: 3e07f380eb8886e77f256b997a4def0ec2bed320adcee1aad84d6b0587cbd89b
Contents?: true
Size: 1.76 KB
Versions: 78
Compression:
Stored size: 1.76 KB
Contents
require 'base64' module Aws module S3 module Encryption # @api private class KmsCipherProvider def initialize(options = {}) @kms_key_id = options[:kms_key_id] @kms_client = options[:kms_client] end # @return [Array<Hash,Cipher>] Creates an returns a new encryption # envelope and encryption cipher. def encryption_cipher encryption_context = { "kms_cmk_id" => @kms_key_id } key_data = @kms_client.generate_data_key( key_id: @kms_key_id, encryption_context: encryption_context, key_spec: 'AES_256', ) cipher = Utils.aes_encryption_cipher(:CBC) cipher.key = key_data.plaintext envelope = { 'x-amz-key-v2' => encode64(key_data.ciphertext_blob), 'x-amz-iv' => encode64(cipher.iv = cipher.random_iv), 'x-amz-cek-alg' => 'AES/CBC/PKCS5Padding', 'x-amz-wrap-alg' => 'kms', 'x-amz-matdesc' => Json.dump(encryption_context) } [envelope, cipher] end # @return [Cipher] Given an encryption envelope, returns a # decryption cipher. def decryption_cipher(envelope) encryption_context = Json.load(envelope['x-amz-matdesc']) key = @kms_client.decrypt( ciphertext_blob: decode64(envelope['x-amz-key-v2']), encryption_context: encryption_context, ).plaintext iv = decode64(envelope['x-amz-iv']) Utils.aes_decryption_cipher(:CBC, key, iv) end private def encode64(str) Base64.encode64(str).split("\n") * "" end def decode64(str) Base64.decode64(str) end end end end end
Version data entries
78 entries across 78 versions & 1 rubygems