lib/heirloom/cipher/file.rb in heirloom-0.9.0 vs lib/heirloom/cipher/file.rb in heirloom-0.10.0
- old
+ new
@@ -1,49 +1,50 @@
-require 'openssl'
require 'tempfile'
require 'fileutils'
module Heirloom
module Cipher
class File
+ include Heirloom::Cipher::Shared
+
def initialize(args)
@config = args[:config]
- @aes = OpenSSL::Cipher::AES256.new(:CBC)
+ @logger = @config.logger
end
def encrypt_file(args)
@file = args[:file]
+ @secret = args[:secret]
@encrypted_file = Tempfile.new('archive.tar.gz.enc')
- secret = args[:secret]
- iv = @aes.random_iv
- @aes.encrypt
- @aes.iv = iv
- @aes.key = Digest::SHA256.hexdigest secret
+ return false unless gpg_in_path?
+ return false unless encrypt
- # Need to refactor to be less complex
- # Additionally tests to do fully cover logic
- ::File.open(@encrypted_file,'w') do |enc|
- enc << iv
- ::File.open(@file) do |f|
- loop do
- r = f.read(4096)
- break unless r
- enc << @aes.update(r)
- end
- end
- enc << @aes.final
- end
-
replace_file
end
private
+ def encrypt
+ @logger.info "Encrypting with: '#{command}'"
+ output = `#{command(@secret)}`
+ @logger.debug "Encryption output: '#{output}'"
+ @logger.error "Encryption failed with output: '#{output}'" unless $?.success?
+ $?.success?
+ end
+
+ def command(secret="XXXXXXXX")
+ "gpg --batch --yes -c --cipher-algo AES256 --passphrase #{secret} --output #{@encrypted_file.path} #{@file} 2>&1"
+ end
+
def replace_file
FileUtils.mv @encrypted_file.path, @file
@encrypted_file.close!
+ end
+
+ def logger
+ @logger
end
end
end
end
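Review bot: `command` interpolates `secret` and `@file` straight into a string that `encrypt` runs through backticks, so a passphrase or path containing spaces or shell metacharacters is parsed by the shell, and the passphrase sits in gpg's argument list where other local users can read it while the process runs. Passing an argument array to `Open3.capture2e` and feeding the passphrase on stdin with `--passphrase-fd 0` avoids both problems. This needs `require 'open3'` at the top of the file, and gpg 2.1+ may also need `--pinentry-mode loopback`, which is worth confirming against the gpg versions you support. The info log line can then be built from the same argument array, which never holds the secret, so the `XXXXXXXX` default is no longer needed. `gpg_in_path?` is presumably provided by `Heirloom::Cipher::Shared`, outside this hunk, and any decrypt command built there would want the same treatment.

```ruby
def encrypt
  @logger.info "Encrypting with: 'gpg #{gpg_args.join(' ')}'"
  # Argument array: no shell parses the paths; the passphrase goes in on stdin, not argv.
  output, status = Open3.capture2e('gpg', *gpg_args, stdin_data: @secret)
  @logger.debug "Encryption output: '#{output}'"
  @logger.error "Encryption failed with output: '#{output}'" unless status.success?
  status.success?
end

def gpg_args
  ['--batch', '--yes', '-c', '--cipher-algo', 'AES256',
   '--passphrase-fd', '0',
   '--output', @encrypted_file.path, @file]
end

# … unchanged: replace_file, logger …
```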