Class: SshTresor::Slot

Inherits:

Struct

• Object
• Struct
• SshTresor::Slot

Defined in:

lib/ssh_tresor/format.rb

Overview

One key-wrapping slot in a SSHTRESR blob.

A slot stores public metadata plus an encrypted copy of the data master key. The slot key is not stored; it is re-derived from an SSH-agent signature over the stored challenge.

Instance Attribute Summary

• #challenge ⇒ String

  random challenge signed by the SSH agent.

• #encrypted_key ⇒ String

  AES-GCM ciphertext and tag for the master key.

• #fingerprint ⇒ String

  raw 32-byte SHA-256 public-key fingerprint.

• #nonce ⇒ String

  AES-GCM nonce for the encrypted master key.

Instance Method Summary

• #to_bytes ⇒ String

  Serializes the fixed-width slot fields.

Instance Attribute Details

#challenge ⇒ String

random challenge signed by the SSH agent.

Returns:

• (String) —

  the current value of challenge

# File 'lib/ssh_tresor/format.rb', line 19

def challenge
  @challenge
end

#encrypted_key ⇒ String

AES-GCM ciphertext and tag for the master key.

Returns:

• (String) —

  the current value of encrypted_key

# File 'lib/ssh_tresor/format.rb', line 19

def encrypted_key
  @encrypted_key
end

#fingerprint ⇒ String

raw 32-byte SHA-256 public-key fingerprint.

Returns:

• (String) —

  the current value of fingerprint

# File 'lib/ssh_tresor/format.rb', line 19

def fingerprint
  @fingerprint
end

#nonce ⇒ String

AES-GCM nonce for the encrypted master key.

Returns:

• (String) —

  the current value of nonce

# File 'lib/ssh_tresor/format.rb', line 19

def nonce
  @nonce
end

Instance Method Details

#to_bytes ⇒ String

Serializes the fixed-width slot fields.

Returns:

• (String) —

  binary slot data.

# File 'lib/ssh_tresor/format.rb', line 23

def to_bytes
  fingerprint + challenge + nonce + encrypted_key
end