attr_encrypted 1.0.9 → 1.1.0

data/README.rdoc

@@ -0,0 +1,308 @@
+= attr_encrypted
+
+Generates attr_accessors that encrypt and decrypt attributes transparently
+
+It works with ANY class, however, you get a few extra features when you're using it with <tt>ActiveRecord</tt>, <tt>DataMapper</tt>, or <tt>Sequel</tt>
+
+
+== Installation
+
+  gem install attr_encrypted
+
+
+== Usage
+
+
+=== Basic
+
+Encrypting attributes has never been easier:
+
+  class User
+    attr_accessor :name
+    attr_encrypted :ssn, :key => 'a secret key'
+  
+    def load
+      # loads the stored data
+    end
+  
+    def save
+      # saves the :name and :encrypted_ssn attributes somewhere (e.g. filesystem, database, etc)
+    end
+  end
+  
+  @user = User.new
+  @user.ssn = '123-45-6789'
+  @user.encrypted_ssn # returns the encrypted version of :ssn
+  @user.save
+  
+  @user = User.load
+  @user.ssn # decrypts :encrypted_ssn and returns '123-45-6789'
+
+The <tt>attr_encrypted</tt> method is also aliased as <tt>attr_encryptor</tt> to conform to Ruby's <tt>attr_</tt> naming conventions. I know that I should have called this project <tt>attr_encryptor</tt> but it was too late when I realized it ='(.
+
+
+=== Specifying the encrypted attribute name
+
+By default, the encrypted attribute name is <tt>encrypted_#{attribute}</tt> (e.g. <tt>attr_encrypted :email</tt> would create an attribute named <tt>encrypted_email</tt>). So, if you're storing the encrypted attribute in the database, you need to make sure the <tt>encrypted_#{attribute}</tt> field exists in your table. You have a couple of options if you want to name your attribute something else.
+
+
+==== The <tt>:attribute</tt> option
+
+You can simply pass the name of the encrypted attribute as the <tt>:attribute</tt> option:
+
+  class User
+    attr_encrypted :email, :key => 'a secret key', :attribute => 'email_encrypted'
+  end
+
+This would generate an attribute named <tt>email_encrypted</tt>
+
+
+==== The <tt>:prefix</tt> and <tt>:suffix</tt> options
+
+If you're planning on encrypting a few different attributes and you don't like the <tt>encrypted_#{attribute}</tt> naming convention then you can specify your own:
+
+  class User
+    attr_encrypted :email, :credit_card, :ssn, :key => 'a secret key', :prefix => 'secret_', :suffix => '_crypted'
+  end
+
+This would generate the following attributes: <tt>secret_email_crypted</tt>, <tt>secret_credit_card_crypted</tt>, and <tt>secret_ssn_crypted</tt>.
+
+
+=== Encryption keys
+
+Although a <tt>:key</tt> option may not be required (see custom encryptor below), it has a few special features
+
+
+==== Unique keys for each attribute
+
+You can specify unique keys for each attribute if you'd like:
+
+  class User
+    attr_encrypted :email, :key => 'a secret key'
+    attr_encrypted :ssn, :key => 'a different secret key'
+  end
+
+
+==== Symbols representing instance methods as keys
+
+If your class has an instance method that determines the encryption key to use, simply pass a symbol representing it like so:
+
+  class User
+    attr_encrypted :email, :key => :encryption_key
+  
+    def encryption_key
+      # does some fancy logic and returns an encryption key
+    end
+  end
+
+
+==== Procs as keys
+
+You can pass a proc/lambda object as the <tt>:key</tt> option as well:
+
+  class User
+    attr_encrypted :email, :key => proc { |user| user.key }
+  end
+
+This can be used to create asymmetrical encryption by requiring users to provide their own encryption keys.
+
+
+=== Conditional encrypting
+
+There may be times that you want to only encrypt when certain conditions are met. For example maybe you're using rails and you don't want to encrypt 
+attributes when you're in development mode. You can specify conditions like this:
+
+  class User < ActiveRecord::Base
+    attr_encrypted :email, :key => 'a secret key', :unless => Rails.env.development?
+  end
+
+You can specify both <tt>:if</tt> and <tt>:unless</tt> options. If you pass a symbol representing an instance method then the result of the method will be evaluated. Any objects that respond to <tt>:call</tt> are evaluated as well.
+
+
+=== Custom encryptor
+
+The <tt>Encryptor</tt> (see http://github.com/shuber/encryptor) class is used by default. You may use your own custom encryptor by specifying
+the <tt>:encryptor</tt>, <tt>:encrypt_method</tt>, and <tt>:decrypt_method</tt> options
+
+Lets suppose you'd like to use this custom encryptor class:
+
+  class SillyEncryptor
+    def self.silly_encrypt(options)
+      (options[:value] + options[:secret_key]).reverse
+    end
+  
+    def self.silly_decrypt(options)
+      options[:value].reverse.gsub(/#{options[:secret_key]}$/, '')
+    end
+  end
+
+Simply set up your class like so:
+
+  class User
+    attr_encrypted :email, :secret_key => 'a secret key', :encryptor => SillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt
+  end
+
+Any options that you pass to <tt>attr_encrypted</tt> will be passed to the encryptor along with the <tt>:value</tt> option which contains the string to encrypt/decrypt. Notice it uses <tt>:secret_key</tt> instead of <tt>:key</tt>.
+
+
+=== Custom algorithms
+
+The default <tt>Encryptor</tt> uses the standard ruby OpenSSL library. It's default algorithm is <tt>aes-256-cbc</tt>. You can modify this by passing the <tt>:algorithm</tt> option to the <tt>attr_encrypted</tt> call like so:
+
+  class User
+    attr_encrypted :email, :key => 'a secret key', :algorithm => 'bf'
+  end
+
+Run <tt>openssl list-cipher-commands</tt> to view a list of algorithms supported on your platform. See http://github.com/shuber/encryptor for more information.
+
+  aes-128-cbc
+  aes-128-ecb
+  aes-192-cbc
+  aes-192-ecb
+  aes-256-cbc
+  aes-256-ecb
+  base64
+  bf
+  bf-cbc
+  bf-cfb
+  bf-ecb
+  bf-ofb
+  cast
+  cast-cbc
+  cast5-cbc
+  cast5-cfb
+  cast5-ecb
+  cast5-ofb
+  des
+  des-cbc
+  des-cfb
+  des-ecb
+  des-ede
+  des-ede-cbc
+  des-ede-cfb
+  des-ede-ofb
+  des-ede3
+  des-ede3-cbc
+  des-ede3-cfb
+  des-ede3-ofb
+  des-ofb
+  des3
+  desx
+  idea
+  idea-cbc
+  idea-cfb
+  idea-ecb
+  idea-ofb
+  rc2
+  rc2-40-cbc
+  rc2-64-cbc
+  rc2-cbc
+  rc2-cfb
+  rc2-ecb
+  rc2-ofb
+  rc4
+  rc4-40
+
+
+=== Default options
+
+Let's imagine that you have a few attributes that you want to encrypt with different keys, but you don't like the <tt>encrypted_#{attribute}</tt> naming convention. Instead of having to define your class like this:
+
+  class User
+    attr_encrypted :email, :key => 'a secret key', :prefix => '', :suffix => '_crypted'
+    attr_encrypted :ssn, :key => 'a different secret key', :prefix => '', :suffix => '_crypted'
+    attr_encrypted :credit_card, :key => 'another secret key', :prefix => '', :suffix => '_crypted'
+  end
+
+You can simply define some default options like so:
+
+  class User
+    attr_encrypted_options.merge!(:prefix => '', :suffix => '_crypted')
+    attr_encrypted :email, :key => 'a secret key'
+    attr_encrypted :ssn, :key => 'a different secret key'
+    attr_encrypted :credit_card, :key => 'another secret key'
+  end
+
+This should help keep your classes clean and DRY.
+
+
+=== Encoding
+
+You're probably going to be storing your encrypted attributes somehow (e.g. filesystem, database, etc) and may run into some issues trying to store a weird
+encrypted string. I've had this problem myself using MySQL. You can simply pass the <tt>:encode</tt> option to automatically encode/decode when encrypting/decrypting.
+
+  class User
+    attr_encrypted :email, :key => 'some secret key', :encode => true
+  end
+
+The default encoding is <tt>m*</tt> (base64). You can change this by setting <tt>:encode => 'some encoding'</tt>. See the <tt>Array#pack</tt> method at http://www.ruby-doc.org/core/classes/Array.html#M002245 for more encoding options.
+
+
+=== Marshaling
+
+You may want to encrypt objects other than strings (e.g. hashes, arrays, etc). If this is the case, simply pass the <tt>:marshal</tt> option to automatically marshal when encrypting/decrypting.
+
+  class User
+    attr_encrypted :credentials, :key => 'some secret key', :marshal => true
+  end
+
+
+=== Encrypt/decrypt attribute methods
+
+If you use the same key to encrypt every record (per attribute) like this:
+
+  class User
+    attr_encrypted :email, :key => 'a secret key'
+  end
+
+Then you'll have these two class methods available for each attribute: <tt>User.encrypt_email(email_to_encrypt)</tt> and <tt>User.decrypt_email(email_to_decrypt)</tt>. This can be useful when you're using <tt>ActiveRecord</tt> (see below).
+
+
+=== ActiveRecord
+
+If you're using this gem with <tt>ActiveRecord</tt>, you get a few extra features:
+
+
+==== Default options
+
+For your convenience, the <tt>:encode</tt> option is set to true by default since you'll be storing everything in a database.
+
+
+==== Dynamic find_by_ and scoped_by_ methods
+
+Let's say you'd like to encrypt your user's email addresses, but you also need a way for them to login. Simply set up your class like so:
+
+  class User < ActiveRecord::Base
+    attr_encrypted :email, :key => 'a secret key'
+    attr_encrypted :password, :key => 'some other secret key'
+  end
+
+You can now lookup and login users like so:
+
+  User.find_by_email_and_password('test@example.com', 'testing')
+
+The call to <tt>find_by_email_and_password</tt> is intercepted and modified to <tt>find_by_encrypted_email_and_encrypted_password('ENCRYPTED EMAIL', 'ENCRYPTED PASSWORD')</tt>. The dynamic scope methods like <tt>scoped_by_email_and_password</tt> work the same way.
+
+NOTE: This only works if all records are encrypted with the same encryption key (per attribute).
+
+
+=== DataMapper and Sequel
+
+Just like the default options for <tt>ActiveRecord</tt>, the <tt>:encode</tt> option is set to true by default since you'll be storing everything in a database.
+
+
+== Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but
+   bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+
+== Contact
+
+Problems, comments, and suggestions all welcome: shuber@huberry.com

data/Rakefile

@@ -17,6 +17,6 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title    = 'attr_encrypted'
   rdoc.options << '--line-numbers' << '--inline-source'
-  rdoc.rdoc_files.include('README.markdown')
+  rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')
 end

data/lib/attr_encrypted.rb

@@ -1,226 +1,222 @@
-gem 'eigenclass', '>= 1.0.1'
 require 'eigenclass'
-
-gem 'encryptor', '>= 1.0.0'
 require 'encryptor'
 
-module Huberry
-  module AttrEncrypted
-    def self.extended(base)
-      base.attr_encrypted_options = {}
-      base.instance_variable_set('@encrypted_attributes', {})
-    end
-    
-    # Default options to use with calls to <tt>attr_encrypted</tt>.
+module AttrEncrypted
+  def self.extended(base)
+    base.attr_encrypted_options = {}
+    base.instance_variable_set('@encrypted_attributes', {})
+  end
+  
+  # Default options to use with calls to <tt>attr_encrypted</tt>.
+  #
+  # It will inherit existing options from its parent class
+  def attr_encrypted_options
+    @attr_encrypted_options ||= superclass.attr_encrypted_options.nil? ? {} : superclass.attr_encrypted_options.dup
+  end
+  
+  # Sets default options to use with calls to <tt>attr_encrypted</tt>.
+  def attr_encrypted_options=(options)
+    @attr_encrypted_options = options
+  end
+  
+  # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute 
+  # names as values
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email
+  #   end
+  #
+  #   User.encrypted_attributes # { 'email' => 'encrypted_email' }
+  def encrypted_attributes
+    @encrypted_attributes ||= superclass.encrypted_attributes.nil? ? {} : superclass.encrypted_attributes.dup
+  end
+  
+  # Checks if an attribute has been configured to be encrypted
+  #
+  # Example
+  #
+  #   class User
+  #     attr_accessor :name
+  #     attr_encrypted :email
+  #   end
+  #
+  #   User.attr_encrypted?(:name) # false
+  #   User.attr_encrypted?(:email) # true
+  def attr_encrypted?(attribute)
+    encrypted_attributes.keys.include?(attribute.to_s)
+  end
+  
+  protected
+  
+    # Generates attr_accessors that encrypt and decrypt attributes transparently
     #
-    # It will inherit existing options from its parent class
-    def attr_encrypted_options
-      @attr_encrypted_options ||= superclass.attr_encrypted_options.nil? ? {} : superclass.attr_encrypted_options.dup
-    end
-    
-    # Sets default options to use with calls to <tt>attr_encrypted</tt>.
-    def attr_encrypted_options=(options)
-      @attr_encrypted_options = options
-    end
-    
-    # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute 
-    # names as values
+    # Options (any other options you specify are passed to the encryptor's encrypt and decrypt methods)
     #
-    # Example
+    #   :attribute      => The name of the referenced encrypted attribute. For example 
+    #                      <tt>attr_accessor :email, :attribute => :ee</tt> would generate an 
+    #                      attribute named 'ee' to store the encrypted email. This is useful when defining
+    #                      one attribute to encrypt at a time or when the :prefix and :suffix options
+    #                      aren't enough. Defaults to nil.
+    #
+    #   :prefix         => A prefix used to generate the name of the referenced encrypted attributes.
+    #                      For example <tt>attr_accessor :email, :password, :prefix => 'crypted_'</tt> would 
+    #                      generate attributes named 'crypted_email' and 'crypted_password' to store the 
+    #                      encrypted email and password. Defaults to 'encrypted_'.
+    #
+    #   :suffix         => A suffix used to generate the name of the referenced encrypted attributes.
+    #                      For example <tt>attr_accessor :email, :password, :prefix => '', :suffix => '_encrypted'</tt>  
+    #                      would generate attributes named 'email_encrypted' and 'password_encrypted' to store the 
+    #                      encrypted email. Defaults to ''.
+    #
+    #   :key            => The encryption key. This option may not be required if you're using a custom encryptor. If you pass 
+    #                      a symbol representing an instance method then the :key option will be replaced with the result of the 
+    #                      method before being passed to the encryptor. Objects that respond to :call are evaluated as well (including procs). 
+    #                      Any other key types will be passed directly to the encryptor.
+    #
+    #   :encode         => If set to true, attributes will be encoded as well as encrypted. This is useful if you're
+    #                      planning on storing the encrypted attributes in a database. The default encoding is 'm*' (base64), 
+    #                      however this can be overwritten by setting the :encode option to some other encoding string instead of
+    #                      just 'true'. See http://www.ruby-doc.org/core/classes/Array.html#M002245 for more encoding directives. 
+    #                      Defaults to false unless you're using it with ActiveRecord or DataMapper.
+    #
+    #   :marshal        => If set to true, attributes will be marshaled as well as encrypted. This is useful if you're planning
+    #                      on encrypting something other than a string. Defaults to false unless you're using it with ActiveRecord 
+    #                      or DataMapper.
+    #
+    #   :encryptor      => The object to use for encrypting. Defaults to Encryptor.
+    #
+    #   :encrypt_method => The encrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :encrypt.
+    #
+    #   :decrypt_method => The decrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :decrypt.
+    #
+    #   :if             => Attributes are only encrypted if this option evaluates to true. If you pass a symbol representing an instance 
+    #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
+    #                      Defaults to true.
+    #
+    #   :unless         => Attributes are only encrypted if this option evaluates to false. If you pass a symbol representing an instance 
+    #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
+    #                      Defaults to false.
+    #
+    # You can specify your own default options
     #
     #   class User
-    #     attr_encrypted :email
+    #     # now all attributes will be encoded and marshaled by default
+    #     attr_encrypted_options.merge!(:encode => true, :marshal => true, :some_other_option => true)
+    #     attr_encrypted :configuration
     #   end
     #
-    #   User.encrypted_attributes # { 'email' => 'encrypted_email' }
-    def encrypted_attributes
-      @encrypted_attributes ||= superclass.encrypted_attributes.nil? ? {} : superclass.encrypted_attributes.dup
-    end
-    
-    # Checks if an attribute has been configured to be encrypted
     #
     # Example
     #
     #   class User
-    #     attr_accessor :name
-    #     attr_encrypted :email
+    #     attr_encrypted :email, :credit_card, :key => 'some secret key'
+    #     attr_encrypted :configuration, :key => 'some other secret key', :marshal => true
     #   end
     #
-    #   User.attr_encrypted?(:name) # false
-    #   User.attr_encrypted?(:email) # true
-    def attr_encrypted?(attribute)
-      encrypted_attributes.keys.include?(attribute.to_s)
-    end
-    
-    protected
-    
-      # Generates attr_accessors that encrypt and decrypt attributes transparently
-      #
-      # Options (any other options you specify are passed to the encryptor's encrypt and decrypt methods)
-      #
-      #   :attribute      => The name of the referenced encrypted attribute. For example 
-      #                      <tt>attr_accessor :email, :attribute => :ee</tt> would generate an 
-      #                      attribute named 'ee' to store the encrypted email. This is useful when defining
-      #                      one attribute to encrypt at a time or when the :prefix and :suffix options
-      #                      aren't enough. Defaults to nil.
-      #
-      #   :prefix         => A prefix used to generate the name of the referenced encrypted attributes.
-      #                      For example <tt>attr_accessor :email, :password, :prefix => 'crypted_'</tt> would 
-      #                      generate attributes named 'crypted_email' and 'crypted_password' to store the 
-      #                      encrypted email and password. Defaults to 'encrypted_'.
-      #
-      #   :suffix         => A suffix used to generate the name of the referenced encrypted attributes.
-      #                      For example <tt>attr_accessor :email, :password, :prefix => '', :suffix => '_encrypted'</tt>  
-      #                      would generate attributes named 'email_encrypted' and 'password_encrypted' to store the 
-      #                      encrypted email. Defaults to ''.
-      #
-      #   :key            => The encryption key. This option may not be required if you're using a custom encryptor. If you pass 
-      #                      a symbol representing an instance method then the :key option will be replaced with the result of the 
-      #                      method before being passed to the encryptor. Objects that respond to :call are evaluated as well (including procs). 
-      #                      Any other key types will be passed directly to the encryptor.
-      #
-      #   :encode         => If set to true, attributes will be encoded as well as encrypted. This is useful if you're
-      #                      planning on storing the encrypted attributes in a database. The default encoding is 'm*' (base64), 
-      #                      however this can be overwritten by setting the :encode option to some other encoding string instead of
-      #                      just 'true'. See http://www.ruby-doc.org/core/classes/Array.html#M002245 for more encoding directives. 
-      #                      Defaults to false unless you're using it with ActiveRecord or DataMapper.
-      #
-      #   :marshal        => If set to true, attributes will be marshaled as well as encrypted. This is useful if you're planning
-      #                      on encrypting something other than a string. Defaults to false unless you're using it with ActiveRecord 
-      #                      or DataMapper.
-      #
-      #   :encryptor      => The object to use for encrypting. Defaults to Huberry::Encryptor.
-      #
-      #   :encrypt_method => The encrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :encrypt.
-      #
-      #   :decrypt_method => The decrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :decrypt.
-      #
-      #   :if             => Attributes are only encrypted if this option evaluates to true. If you pass a symbol representing an instance 
-      #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
-      #                      Defaults to true.
-      #
-      #   :unless         => Attributes are only encrypted if this option evaluates to false. If you pass a symbol representing an instance 
-      #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
-      #                      Defaults to false.
-      #
-      # You can specify your own default options
-      #
-      #   class User
-      #     # now all attributes will be encoded and marshaled by default
-      #     attr_encrypted_options.merge!(:encode => true, :marshal => true, :some_other_option => true)
-      #     attr_encrypted :configuration
-      #   end
-      #
-      #
-      # Example
-      #
-      #   class User
-      #     attr_encrypted :email, :credit_card, :key => 'some secret key'
-      #     attr_encrypted :configuration, :key => 'some other secret key', :marshal => true
-      #   end
-      #
-      #   @user = User.new
-      #   @user.encrypted_email # returns nil
-      #   @user.email = 'test@example.com'
-      #   @user.encrypted_email # returns the encrypted version of 'test@example.com'
-      #
-      #   @user.configuration = { :time_zone => 'UTC' }
-      #   @user.encrypted_configuration # returns the encrypted version of configuration
-      #
-      #   See README for more examples
-      def attr_encrypted(*attrs)
-        options = { 
-          :prefix => 'encrypted_', 
-          :suffix => '', 
-          :encryptor => Huberry::Encryptor, 
-          :encrypt_method => :encrypt,
-          :decrypt_method => :decrypt,
-          :encode => false, 
-          :marshal => false, 
-          :if => true, 
-          :unless => false 
-        }.merge(attr_encrypted_options).merge(attrs.last.is_a?(Hash) ? attrs.pop : {})
-        options[:encode] = 'm*' if options[:encode] == true
+    #   @user = User.new
+    #   @user.encrypted_email # returns nil
+    #   @user.email = 'test@example.com'
+    #   @user.encrypted_email # returns the encrypted version of 'test@example.com'
+    #
+    #   @user.configuration = { :time_zone => 'UTC' }
+    #   @user.encrypted_configuration # returns the encrypted version of configuration
+    #
+    #   See README for more examples
+    def attr_encrypted(*attrs)
+      options = { 
+        :prefix => 'encrypted_', 
+        :suffix => '', 
+        :encryptor => Encryptor, 
+        :encrypt_method => :encrypt,
+        :decrypt_method => :decrypt,
+        :encode => false, 
+        :marshal => false, 
+        :if => true, 
+        :unless => false 
+      }.merge(attr_encrypted_options).merge(attrs.last.is_a?(Hash) ? attrs.pop : {})
+      options[:encode] = 'm*' if options[:encode] == true
+      
+      attrs.each do |attribute|
+        encrypted_attribute_name = options[:attribute].nil? ? options[:prefix].to_s + attribute.to_s + options[:suffix].to_s : options[:attribute].to_s
+        
+        encrypted_attributes[attribute.to_s] = encrypted_attribute_name
         
-        attrs.each do |attribute|
-          encrypted_attribute_name = options[:attribute].nil? ? options[:prefix].to_s + attribute.to_s + options[:suffix].to_s : options[:attribute].to_s
-          
-          encrypted_attributes[attribute.to_s] = encrypted_attribute_name
-          
-          attr_reader encrypted_attribute_name.to_sym unless instance_methods.include?(encrypted_attribute_name)
-          attr_writer encrypted_attribute_name.to_sym unless instance_methods.include?("#{encrypted_attribute_name}=")
-          
-          define_class_method "encrypt_#{attribute}" do |value|
-            if options[:if] && !options[:unless]
-              if value.nil? || (value.is_a?(String) && value.empty?)
-                encrypted_value = value
-              else
-                value = Marshal.dump(value) if options[:marshal]
-                encrypted_value = options[:encryptor].send options[:encrypt_method], options.merge(:value => value)
-                encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
-              end
-              encrypted_value
+        attr_reader encrypted_attribute_name.to_sym unless instance_methods.include?(encrypted_attribute_name)
+        attr_writer encrypted_attribute_name.to_sym unless instance_methods.include?("#{encrypted_attribute_name}=")
+        
+        define_class_method "encrypt_#{attribute}" do |value|
+          if options[:if] && !options[:unless]
+            if value.nil? || (value.is_a?(String) && value.empty?)
+              encrypted_value = value
             else
-              value
+              value = Marshal.dump(value) if options[:marshal]
+              encrypted_value = options[:encryptor].send options[:encrypt_method], options.merge(:value => value)
+              encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
             end
+            encrypted_value
+          else
+            value
           end
-          
-          define_class_method "decrypt_#{attribute}" do |encrypted_value|
-            if options[:if] && !options[:unless]
-              if encrypted_value.nil? || (encrypted_value.is_a?(String) && encrypted_value.empty?)
-                decrypted_value = encrypted_value
-              else
-                encrypted_value = encrypted_value.unpack(options[:encode]).to_s if options[:encode]
-                decrypted_value = options[:encryptor].send(options[:decrypt_method], options.merge(:value => encrypted_value))
-                decrypted_value = Marshal.load(decrypted_value) if options[:marshal]
-              end
-              decrypted_value
+        end
+        
+        define_class_method "decrypt_#{attribute}" do |encrypted_value|
+          if options[:if] && !options[:unless]
+            if encrypted_value.nil? || (encrypted_value.is_a?(String) && encrypted_value.empty?)
+              decrypted_value = encrypted_value
             else
-              encrypted_value
+              encrypted_value = encrypted_value.unpack(options[:encode]).to_s if options[:encode]
+              decrypted_value = options[:encryptor].send(options[:decrypt_method], options.merge(:value => encrypted_value))
+              decrypted_value = Marshal.load(decrypted_value) if options[:marshal]
             end
+            decrypted_value
+          else
+            encrypted_value
           end
-          
-          define_method "#{attribute}" do
-            value = instance_variable_get("@#{attribute}")
-            encrypted_value = send(encrypted_attribute_name.to_sym)
-            original_options = [:key, :if, :unless].inject({}) do |hash, option|
-              hash[option] = options[option]
-              options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
-              hash
-            end
-            value = instance_variable_set("@#{attribute}", self.class.send("decrypt_#{attribute}".to_sym, encrypted_value)) if value.nil? && !encrypted_value.nil?
-            options.merge!(original_options)
-            value
+        end
+        
+        define_method "#{attribute}" do
+          value = instance_variable_get("@#{attribute}")
+          encrypted_value = send(encrypted_attribute_name.to_sym)
+          original_options = [:key, :if, :unless].inject({}) do |hash, option|
+            hash[option] = options[option]
+            options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
+            hash
           end
-          
-          define_method "#{attribute}=" do |value|
-            original_options = [:key, :if, :unless].inject({}) do |hash, option|
-              hash[option] = options[option]
-              options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
-              hash
-            end
-            send("#{encrypted_attribute_name}=".to_sym, self.class.send("encrypt_#{attribute}".to_sym, value))
-            options.merge!(original_options)
-            instance_variable_set("@#{attribute}", value)
+          value = instance_variable_set("@#{attribute}", self.class.send("decrypt_#{attribute}".to_sym, encrypted_value)) if value.nil? && !encrypted_value.nil?
+          options.merge!(original_options)
+          value
+        end
+        
+        define_method "#{attribute}=" do |value|
+          original_options = [:key, :if, :unless].inject({}) do |hash, option|
+            hash[option] = options[option]
+            options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
+            hash
           end
+          send("#{encrypted_attribute_name}=".to_sym, self.class.send("encrypt_#{attribute}".to_sym, value))
+          options.merge!(original_options)
+          instance_variable_set("@#{attribute}", value)
         end
       end
-      
-      # Evaluates an option specified as a symbol representing an instance method or a proc
-      #
-      # If the option is not a symbol or proc then the original option is returned
-      def evaluate_attr_encrypted_option(option, object)
-        if option.is_a?(Symbol) && object.respond_to?(option)
-          object.send(option)
-        elsif option.respond_to?(:call)
-          option.call(object)
-        else
-          option
-        end
+    end
+    alias_method :attr_encryptor, :attr_encrypted
+    
+    # Evaluates an option specified as a symbol representing an instance method or a proc
+    #
+    # If the option is not a symbol or proc then the original option is returned
+    def evaluate_attr_encrypted_option(option, object)
+      if option.is_a?(Symbol) && object.respond_to?(option)
+        object.send(option)
+      elsif option.respond_to?(:call)
+        option.call(object)
+      else
+        option
       end
-  end
+    end
 end
 
-Object.extend Huberry::AttrEncrypted
+Object.extend AttrEncrypted
 
-Dir[File.join(File.dirname(__FILE__), 'huberry', 'attr_encrypted', 'adapters', '*.rb')].each { |file| require file }
+Dir[File.join(File.dirname(__FILE__), 'attr_encrypted', 'adapters', '*.rb')].each { |file| require file }