Diffstat (limited to 'src/aegis/src/aegis_server.erl')
-rw-r--r-- | src/aegis/src/aegis_server.erl | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 087e605e3..2da3eac6c 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -181,12 +181,12 @@ do_open_db(#{uuid := UUID} = Db) ->
 do_encrypt(DbKey, #{uuid := UUID}, Key, Value) ->
- EncryptionKey = crypto:strong_rand_bytes(32),
+ EncryptionKey = new_encryption_key(),
 <<WrappedKey:320>> = aegis_keywrap:key_wrap(DbKey, EncryptionKey),
 {CipherText, <<CipherTag:128>>} = ?aes_gcm_encrypt(
- EncryptionKey,
+ EncryptionKey(),
 <<0:96>>,
 <<UUID/binary, 0:8, Key/binary>>,
 Value),
@@ -202,7 +202,7 @@ do_decrypt(DbKey, #{uuid := UUID}, Key, Value) ->
 DecryptionKey ->
 Decrypted = ?aes_gcm_decrypt(
- DecryptionKey,
+ DecryptionKey(),
 <<0:96>>,
 <<UUID/binary, 0:8, Key/binary>>,
 CipherText,
@@ -333,3 +333,8 @@ expiration_check_interval() ->
 cache_limit() ->
 config:get_integer("aegis", "cache_limit", ?CACHE_LIMIT).
+
+
+new_encryption_key() ->
+ EncryptionKey = crypto:strong_rand_bytes(32),
+ fun() -> EncryptionKey end.
|
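Review bot: `EncryptionKey` is now the zero-arity fun returned by `new_encryption_key()`, but the unchanged context line in do_encrypt still passes it uncalled to `aegis_keywrap:key_wrap(DbKey, EncryptionKey)`. Unless key_wrap was changed elsewhere in this commit to accept a fun (the diffstat shown is limited to this file), it no longer receives the 32-byte binary it was given before and every encrypt call would fail there. The hunk should either call the fun at that site, `aegis_keywrap:key_wrap(DbKey, EncryptionKey())`, or state in a comment that key_wrap unwraps the fun itself. do_encrypt's body continues past the end of the hunk.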
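Review bot: `DecryptionKey()` in do_decrypt is only valid if the expression matched by the `DecryptionKey ->` clause yields a fun, and that expression sits above the hunk, so it cannot be checked here. If it still yields a binary, the call raises `badfun`, whose error term carries the offending value, so the unwrapped key would land in the crash report, which is the opposite of what the wrapping appears to be for. Either keep the argument as `DecryptionKey,` or have the producer return `fun() -> Key end` in the same commit, and add a round-trip encrypt/decrypt test that would catch a mismatch.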
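Review bot: `new_encryption_key/0` has no comment or spec explaining why the key is returned inside a closure, and the reason is not obvious from the code. Presumably the aim is to keep the raw key bytes out of argument lists printed in stack traces and crash reports. If so, say it above the function, e.g. `%% Key is returned inside a fun so its bytes are not printed when a call that takes it as an argument crashes.`, and add `-spec new_encryption_key() -> fun(() -> binary()).` It would also help to note that callers should invoke the fun only at the point of use, since the called value is a plain binary again.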