class Aws::S3::EncryptionV2::DefaultCipherProvider
def decryption_cipher(envelope, options = {})
-
(Cipher)- Given an encryption envelope, returns a
def decryption_cipher(envelope, options = {}) validate_options(options) master_key = @key_provider.key_for(envelope['x-amz-matdesc']) if envelope.key? 'x-amz-key' unless options[:security_profile] == :v2_and_legacy raise Errors::LegacyDecryptionError end # Support for decryption of legacy objects key = Utils.decrypt(master_key, decode64(envelope['x-amz-key'])) iv = decode64(envelope['x-amz-iv']) Utils.aes_decryption_cipher(:CBC, key, iv) else if envelope['x-amz-cek-alg'] != 'AES/GCM/NoPadding' raise ArgumentError, 'Unsupported cek-alg: ' \ "#{envelope['x-amz-cek-alg']}" end key = case envelope['x-amz-wrap-alg'] when 'AES/GCM' if master_key.is_a? OpenSSL::PKey::RSA raise ArgumentError, 'Key mismatch - Client is configured' \ ' with an RSA key and the x-amz-wrap-alg is AES/GCM.' end Utils.decrypt_aes_gcm(master_key, decode64(envelope['x-amz-key-v2']), envelope['x-amz-cek-alg']) when 'RSA-OAEP-SHA1' unless master_key.is_a? OpenSSL::PKey::RSA raise ArgumentError, 'Key mismatch - Client is configured' \ ' with an AES key and the x-amz-wrap-alg is RSA-OAEP-SHA1.' end key, cek_alg = Utils.decrypt_rsa(master_key, decode64(envelope['x-amz-key-v2'])) raise Errors::CEKAlgMismatchError unless cek_alg == envelope['x-amz-cek-alg'] key when 'kms+context' raise ArgumentError, 'Key mismatch - Client is configured' \ ' with a user provided key and the x-amz-wrap-alg is' \ ' kms+context. Please configure the client with the' \ ' required kms_key_id' else raise ArgumentError, 'Unsupported wrap-alg: ' \ "#{envelope['x-amz-wrap-alg']}" end iv = decode64(envelope['x-amz-iv']) Utils.aes_decryption_cipher(:GCM, key, iv) end end