class Aws::S3::Encryption::DecryptHandler
def authenticated_decrypter(context, cipher)
When the x-amz-meta-x-amz-tag-len header is present, it indicates
that the body of this object has a trailing auth tag. The header
indicates the length of that tag.
This method fetches the tag from the end of the object by
making a GET Object w/range request. This auth tag is used
to initialize the cipher, and the decrypter truncates the
    def authenticated_decrypter(context, cipher)
      # Anchor the pattern so that only 1.9.x matches (an unanchored /1.9/
      # also matches versions such as 2.1.9).
      if RUBY_VERSION.match(/\A1\.9\./)
        msg = "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
        raise Aws::Errors::NonSupportedRubyVersionError, msg
      end
      http_resp = context.http_response
      content_length = http_resp.headers['content-length'].to_i
      # The header value is divided by 8 to get the tag length in bytes.
      auth_tag_length = http_resp.headers['x-amz-meta-x-amz-tag-len']
      auth_tag_length = auth_tag_length.to_i / 8

      # Ranged GET for the last auth_tag_length bytes of the object.
      auth_tag = context.client.get_object(
        bucket: context.params[:bucket],
        key: context.params[:key],
        range: "bytes=-#{auth_tag_length}"
      ).body.read

      cipher.auth_tag = auth_tag
      cipher.auth_data = ''

      # The encrypted object contains both the cipher text
      # plus a trailing auth tag. This decrypter will read the body
      # except for the trailing auth tag.
      decrypter = IOAuthDecrypter.new(
        io: http_resp.body,
        encrypted_content_length: content_length - auth_tag_length,
        cipher: cipher)
    end
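The layout described above (ciphertext followed by a trailing auth tag whose length comes from x-amz-meta-x-amz-tag-len) can be reproduced offline with Ruby's OpenSSL bindings. This is an added example, not code from the SDK: the helper names, the sample key, IV and plaintext, and the strict 128-bit tag check are assumptions. It shows that `update` returns plaintext before `final` verifies the tag, so output from a failed decryption must be discarded.

```ruby
require 'openssl'

EXPECTED_TAG_BITS = 128 # assumption: full-length GCM tag; the page does not state a value

# Constructed sample object: ciphertext followed by the trailing auth tag.
def build_sample_object(key, iv, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_data = ''
  cipher.update(plaintext) + cipher.final + cipher.auth_tag
end

# Hypothetical helper: parse the tag-length header (bits) and reject anything
# other than the expected length, because the header is stored with the object.
def tag_length_bytes(headers)
  bits = Integer(headers.fetch('x-amz-meta-x-amz-tag-len'), 10)
  raise ArgumentError, "unexpected tag length: #{bits} bits" unless bits == EXPECTED_TAG_BITS
  bits / 8
end

# Hypothetical helper: split the body into ciphertext and tag, then decrypt.
# Returns [status, bytes_emitted_before_verification, plaintext_or_nil].
def decrypt_with_trailing_tag(key, iv, headers, body)
  tag_len = tag_length_bytes(headers)
  raise ArgumentError, 'body too short for ciphertext plus tag' if body.bytesize <= tag_len
  ciphertext = body.byteslice(0, body.bytesize - tag_len)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = body.byteslice(-tag_len, tag_len) # the bytes a ranged GET would return
  cipher.auth_data = ''
  early = cipher.update(ciphertext) # plaintext bytes are produced here...
  begin
    cipher.final                    # ...but the tag is only verified here
    [:ok, early.bytesize, early]
  rescue OpenSSL::Cipher::CipherError
    [:tag_mismatch, early.bytesize, nil] # anything already written must be discarded
  end
end

if __FILE__ == $PROGRAM_NAME
  key, iv = 'k' * 32, 'i' * 12 # constructed key and IV, for illustration only
  body = build_sample_object(key, iv, 'constructed sample plaintext')
  body.setbyte(0, body.getbyte(0) ^ 1) # simulate a modified object in storage
  p decrypt_with_trailing_tag(key, iv, { 'x-amz-meta-x-amz-tag-len' => '128' }, body)
end
```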