# frozen_string_literal: true module Backup module Encryptor class OpenSSL < Base ## # The password that'll be used to encrypt the backup. This # password will be required to decrypt the backup later on. attr_accessor :password ## # The password file to use to encrypt the backup. attr_accessor :password_file ## # Determines whether the 'base64' should be used or not attr_accessor :base64 ## # Determines whether the 'salt' flag should be used attr_accessor :salt ## # Creates a new instance of Backup::Encryptor::OpenSSL and # sets the password attribute to what was provided def initialize(&block) super @base64 ||= false @salt ||= true @password_file ||= nil instance_eval(&block) if block_given? end ## # This is called as part of the procedure run by the Packager. # It sets up the needed options to pass to the openssl command, # then yields the command to use as part of the packaging procedure. # Once the packaging procedure is complete, it will return # so that any clean-up may be performed after the yield. def encrypt_with log! yield "#{utility(:openssl)} #{options}", ".enc" end private ## # Uses the 256bit AES encryption cipher, which is what the # US Government uses to encrypt information at the "Top Secret" level. # # The -base64 option will make the encrypted output base64 encoded, # this makes the encrypted file readable using text editors # # The -salt option adds strength to the encryption # # Always sets a password option, if even no password is given, # but will prefer the password_file option if both are given. def options opts = ["aes-256-cbc"] opts << "-base64" if @base64 opts << "-salt" if @salt opts << if @password_file.to_s.empty? "-k #{Shellwords.escape(@password)}" else "-pass file:#{@password_file}" end opts.join(" ") end end end end