class Aws::S3::EncryptionV2::DecryptHandler

def authenticated_decrypter(context, cipher, envelope)

auth tag from the body when writing the final bytes.
to initialize the cipher, and the decrypter truncates the
making a GET Object w/range request. This auth tag is used
This method fetches the tag from the end of the object by

def authenticated_decrypter(context, cipher, envelope)
  http_resp = context.http_response
  content_length = http_resp.headers['content-length'].to_i
  auth_tag_length = auth_tag_length(envelope)
  auth_tag = context.client.get_object(
    bucket: context.params[:bucket],
    key: context.params[:key],
    version_id: context.params[:version_id],
    range: "bytes=-#{auth_tag_length}"
  ).body.read
  cipher.auth_tag = auth_tag
  cipher.auth_data = ''
  # The encrypted object contains both the cipher text
  # plus a trailing auth tag.
  IOAuthDecrypter.new(
    io: http_resp.body,
    encrypted_content_length: content_length - auth_tag_length,
    cipher: cipher)
end

Modules

Classes

class Aws::S3::EncryptionV2::DecryptHandler

def authenticated_decrypter(context, cipher, envelope)

Instance Methods