encryptor 1.3.0 → 2.0.0

data/lib/encryptor/string.rb

@@ -3,7 +3,7 @@ module Encryptor
   module String
     # Returns a new string containing the encrypted version of itself
     def encrypt(options = {})
-      Encryptor.encrypt(options.merge(:value => self))
+      Encryptor.encrypt(options.merge(value: self))
     end
 
     # Replaces the contents of a string with the encrypted version of itself
@@ -13,11 +13,11 @@ module Encryptor
 
     # Returns a new string containing the decrypted version of itself
     def decrypt(options = {})
-      Encryptor.decrypt(options.merge(:value => self))
+      Encryptor.decrypt(options.merge(value: self))
     end
 
     # Replaces the contents of a string with the decrypted version of itself
-    def decrypt!(options ={})
+    def decrypt!(options = {})
       replace decrypt(options)
     end
   end

data/lib/encryptor/version.rb

@@ -1,8 +1,8 @@
 module Encryptor
   # Contains information about this gem's version
   module Version
-    MAJOR = 1
-    MINOR = 3
+    MAJOR = 2
+    MINOR = 0
     PATCH = 0
 
     # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>

data/test/compatibility_test.rb

@@ -5,7 +5,7 @@ require File.expand_path('../test_helper', __FILE__)
 # for data stored in databases and allows consumers of the gem to upgrade with
 # confidence in the future.
 #
-class CompatibilityTest < Test::Unit::TestCase
+class CompatibilityTest < Minitest::Test
   ALGORITHM = 'aes-256-cbc'
 
   def self.base64_encode(value)
@@ -21,10 +21,11 @@ class CompatibilityTest < Test::Unit::TestCase
       key = Digest::SHA256.hexdigest('my-fixed-key')
       iv = Digest::SHA256.hexdigest('my-fixed-iv')
       result = Encryptor.encrypt(
-        :algorithm => ALGORITHM,
-        :value => 'my-fixed-input',
-        :key => key,
-        :iv => iv
+        algorithm: ALGORITHM,
+        value: 'my-fixed-input',
+        key: key,
+        iv: iv,
+        insecure_mode: true
       )
       assert_equal 'nGuyGniksFXnMYj/eCxXKQ==', self.class.base64_encode(result)
     end
@@ -32,9 +33,10 @@ class CompatibilityTest < Test::Unit::TestCase
     def test_encrypt_without_iv
       key = Digest::SHA256.hexdigest('my-fixed-key')
       result = Encryptor.encrypt(
-        :algorithm => ALGORITHM,
-        :value => 'my-fixed-input',
-        :key => key
+        algorithm: ALGORITHM,
+        value: 'my-fixed-input',
+        key: key,
+        insecure_mode: true
       )
       assert_equal 'XbwHRMFWqR5M80kgwRcEEg==', self.class.base64_encode(result)
     end
@@ -43,10 +45,11 @@ class CompatibilityTest < Test::Unit::TestCase
       key = Digest::SHA256.hexdigest('my-fixed-key')
       iv = Digest::SHA256.hexdigest('my-fixed-iv')
       result = Encryptor.decrypt(
-        :algorithm => ALGORITHM,
-        :value => self.class.base64_decode('nGuyGniksFXnMYj/eCxXKQ=='),
-        :key => key,
-        :iv => iv
+        algorithm: ALGORITHM,
+        value: self.class.base64_decode('nGuyGniksFXnMYj/eCxXKQ=='),
+        key: key,
+        iv: iv,
+        insecure_mode: true
       )
       assert_equal 'my-fixed-input', result
     end
@@ -54,9 +57,10 @@ class CompatibilityTest < Test::Unit::TestCase
     def test_decrypt_without_iv
       key = Digest::SHA256.hexdigest('my-fixed-key')
       result = Encryptor.decrypt(
-        :algorithm => ALGORITHM,
-        :value => self.class.base64_decode('XbwHRMFWqR5M80kgwRcEEg=='),
-        :key => key
+        algorithm: ALGORITHM,
+        value: self.class.base64_decode('XbwHRMFWqR5M80kgwRcEEg=='),
+        key: key,
+        insecure_mode: true
       )
       assert_equal 'my-fixed-input', result
     end
@@ -66,11 +70,11 @@ class CompatibilityTest < Test::Unit::TestCase
       iv = Digest::SHA256.hexdigest('my-fixed-iv')
       salt = 'my-fixed-salt'
       result = Encryptor.encrypt(
-        :algorithm => ALGORITHM,
-        :value => 'my-fixed-input',
-        :key => key,
-        :iv => iv,
-        :salt => salt
+        algorithm: ALGORITHM,
+        value: 'my-fixed-input',
+        key: key,
+        iv: iv,
+        salt: salt
       )
       assert_equal 'DENuQSh9b0eW8GN3YLzLGw==', self.class.base64_encode(result)
     end
@@ -80,11 +84,11 @@ class CompatibilityTest < Test::Unit::TestCase
       iv = Digest::SHA256.hexdigest('my-fixed-iv')
       salt = 'my-fixed-salt'
       result = Encryptor.decrypt(
-        :algorithm => ALGORITHM,
-        :value => self.class.base64_decode('DENuQSh9b0eW8GN3YLzLGw=='),
-        :key => key,
-        :iv => iv,
-        :salt => salt
+        algorithm: ALGORITHM,
+        value: self.class.base64_decode('DENuQSh9b0eW8GN3YLzLGw=='),
+        key: key,
+        iv: iv,
+        salt: salt
       )
       assert_equal 'my-fixed-input', result
     end

data/test/encryptor_string_test.rb

@@ -0,0 +1,60 @@
+require 'test_helper'
+
+class EncryptorStringTest < Minitest::Test
+
+  original_value = StringWithEncryptor.new
+  key = SecureRandom.random_bytes(64)
+  iv = SecureRandom.random_bytes(64)
+  salt = Time.now.to_i.to_s
+  original_value << SecureRandom.random_bytes(64)
+  auth_data = SecureRandom.random_bytes(64)
+  wrong_auth_tag = SecureRandom.random_bytes(16)
+
+  OpenSSLHelper::ALGORITHMS.each do |algorithm|
+    encrypted_value_with_iv = StringWithEncryptor.new
+    encrypted_value_without_iv = StringWithEncryptor.new
+    encrypted_value_with_iv << Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
+    encrypted_value_without_iv << Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
+
+    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      assert_equal encrypted_value_with_iv, original_value.encrypt(key: key, iv: iv, salt: salt, algorithm: algorithm)
+    end
+
+    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      assert_equal encrypted_value_without_iv, original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      assert_equal original_value, encrypted_value_with_iv.decrypt(key: key, iv: iv, salt: salt, algorithm: algorithm)
+    end
+
+    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      assert_equal original_value, encrypted_value_without_iv.decrypt(key: key, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      original_value_dup = original_value.dup
+      original_value_dup.encrypt!(key: key, iv: iv, salt: salt, algorithm: algorithm)
+      assert_equal original_value.encrypt(key: key, iv: iv, salt: salt, algorithm: algorithm), original_value_dup
+    end
+
+    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      original_value_dup = original_value.dup
+      original_value_dup.encrypt!(key: key, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true), original_value_dup
+    end
+
+    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
+      encrypted_value_with_iv_dup.decrypt!(key: key, iv: iv, salt: salt, algorithm: algorithm)
+      assert_equal original_value, encrypted_value_with_iv_dup
+    end
+
+    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
+      encrypted_value_without_iv_dup.decrypt!(key: key, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value, encrypted_value_without_iv_dup
+    end
+  end
+
+end

data/test/encryptor_test.rb

@@ -1,89 +1,50 @@
-require File.expand_path('../test_helper', __FILE__)
-require File.expand_path('../openssl_helper', __FILE__)
+require 'test_helper'
 
 # Tests for new preferred salted encryption mode
 #
-class EncryptorTest < Test::Unit::TestCase
+class EncryptorTest < Minitest::Test
 
-  key = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
-  iv = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
-  salt = Time.now.to_i.to_s
-  original_value = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
+  key = SecureRandom.random_bytes(32)
+  iv = SecureRandom.random_bytes(16)
+  salt = SecureRandom.random_bytes(16)
+  original_value = SecureRandom.random_bytes(64)
+  auth_data = SecureRandom.random_bytes(64)
+  wrong_auth_tag = SecureRandom.random_bytes(16)
 
   OpenSSLHelper::ALGORITHMS.each do |algorithm|
-    encrypted_value_with_iv = Encryptor.encrypt(:value => original_value, :key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
-    encrypted_value_without_iv = Encryptor.encrypt(:value => original_value, :key => key, :algorithm => algorithm)
+    encrypted_value_with_iv = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
+    encrypted_value_without_iv = Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
 
     define_method "test_should_crypt_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_not_equal original_value, encrypted_value_with_iv
-      assert_not_equal encrypted_value_without_iv, encrypted_value_with_iv
-      assert_equal original_value, Encryptor.decrypt(:value => encrypted_value_with_iv, :key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
+      refute_equal original_value, encrypted_value_with_iv
+      refute_equal encrypted_value_without_iv, encrypted_value_with_iv
+      assert_equal original_value, Encryptor.decrypt(value: encrypted_value_with_iv, key: key, iv: iv, salt: salt, algorithm: algorithm)
     end
 
     define_method "test_should_crypt_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_not_equal original_value, encrypted_value_without_iv
-      assert_equal original_value, Encryptor.decrypt(:value => encrypted_value_without_iv, :key => key, :algorithm => algorithm)
+      refute_equal original_value, encrypted_value_without_iv
+      assert_equal original_value, Encryptor.decrypt(value: encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
-      assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, :key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
+      assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
     end
 
     define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
-      assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, :key => key, :algorithm => algorithm)
+      assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, key: key, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
-      assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, :key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
+      assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, key: key, iv: iv, salt: salt, algorithm: algorithm)
     end
 
     define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
-      assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, :key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_equal encrypted_value_with_iv, original_value.encrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_equal encrypted_value_without_iv, original_value.encrypt(:key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_equal original_value, encrypted_value_with_iv.decrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_equal original_value, encrypted_value_without_iv.decrypt(:key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      original_value_dup = original_value.dup
-      original_value_dup.encrypt!(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
-      assert_equal original_value.encrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm), original_value_dup
-    end
-
-    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      original_value_dup = original_value.dup
-      original_value_dup.encrypt!(:key => key, :algorithm => algorithm)
-      assert_equal original_value.encrypt(:key => key, :algorithm => algorithm), original_value_dup
-    end
-
-    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
-      encrypted_value_with_iv_dup.decrypt!(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
-      assert_equal original_value, encrypted_value_with_iv_dup
-    end
-
-    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
-      encrypted_value_without_iv_dup.decrypt!(:key => key, :algorithm => algorithm)
-      assert_equal original_value, encrypted_value_without_iv_dup
+      assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
     end
   end
 
   define_method 'test_should_use_the_default_algorithm_if_one_is_not_specified' do
-    assert_equal Encryptor.encrypt(:value => original_value, :key => key, :algorithm => Encryptor.default_options[:algorithm]), Encryptor.encrypt(:value => original_value, :key => key)
+    assert_equal Encryptor.encrypt(value: original_value, key: key, salt: salt, iv: iv, algorithm: Encryptor.default_options[:algorithm]), Encryptor.encrypt(value: original_value, key: key, salt: salt, iv: iv)
   end
 
   def test_should_have_a_default_algorithm
@@ -92,17 +53,48 @@ class EncryptorTest < Test::Unit::TestCase
   end
 
   def test_should_raise_argument_error_if_key_is_not_specified
-    assert_raises(ArgumentError) { Encryptor.encrypt('some value') }
-    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string') }
-    assert_raises(ArgumentError) { Encryptor.encrypt('some value', :key => '') }
-    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', :key => '') }
+    assert_raises(ArgumentError, "must specify a key") { Encryptor.encrypt('some value') }
+    assert_raises(ArgumentError, "must specify a key") { Encryptor.decrypt('some encrypted string') }
+  end
+
+  def test_should_raise_argument_error_if_key_is_too_short
+    assert_raises(ArgumentError, "key must be 32 bytes or longer") { Encryptor.encrypt('some value', key: '') }
+    assert_raises(ArgumentError, "key must be 32 bytes or longer") { Encryptor.decrypt('some encrypted string', key: '') }
   end
 
-  def test_should_yield_block_with_cipher_and_options
+  define_method 'test_should_raise_argument_error_if_iv_is_not_specified' do
+    assert_raises(ArgumentError, "must specify an iv") { Encryptor.encrypt('some value', key: key) }
+    assert_raises(ArgumentError, "must specify an iv") { Encryptor.decrypt('some encrypted string', key: key) }
+  end
+
+  define_method 'test_should_raise_argument_error_if_iv_is_too_short' do
+    assert_raises(ArgumentError, "iv must be 16 bytes or longer") { Encryptor.encrypt('some value', key: key, iv: 'a') }
+    assert_raises(ArgumentError, "iv must be 16 bytes or longer") { Encryptor.decrypt('some encrypted string', key: key, iv: 'a') }
+  end
+
+  define_method 'test_should_yield_block_with_cipher_and_options' do
     called = false
-    Encryptor.encrypt('some value', :key => 'some key') { |cipher, options| called = true }
+    Encryptor.encrypt('some value', key: key, iv: iv, salt: salt) { |cipher, options| called = true }
     assert called
   end
 
+  OpenSSLHelper::AUTHENTICATED_ENCRYPTION_ALGORITHMS.each do |algorithm|
+
+    define_method 'test_should_use_the_default_authentication_data_if_it_is_not_specified' do
+      encrypted_value = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
+      decrypted_value = Encryptor.decrypt(value: encrypted_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
+      refute_equal original_value, encrypted_value
+      assert_equal original_value, decrypted_value
+      assert_raises(OpenSSL::Cipher::CipherError) { Encryptor.decrypt(value: encrypted_value[0..-17] + wrong_auth_tag, key: key, iv: iv, salt: salt, algorithm: algorithm) }
+    end
+
+    define_method 'test_should_use_authentication_data_if_it_is_specified' do
+      encrypted_value = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm, auth_data: auth_data)
+      decrypted_value = Encryptor.decrypt(value: encrypted_value, key: key, iv: iv, salt: salt, algorithm: algorithm, auth_data: auth_data)
+      refute_equal original_value, encrypted_value
+      assert_equal original_value, decrypted_value
+      assert_raises(OpenSSL::Cipher::CipherError) { Encryptor.decrypt(value: encrypted_value[0..-17] + wrong_auth_tag, key: key, iv: iv, salt: salt, algorithm: algorithm) }
+    end
+  end
 end
 

data/test/legacy_encryptor_string_test.rb

@@ -0,0 +1,56 @@
+require 'test_helper'
+
+class LegacyEncryptorStringTest < Minitest::Test
+
+  key = SecureRandom.random_bytes(64)
+  iv = SecureRandom.random_bytes(64)
+  original_value = StringWithEncryptor.new
+  original_value << SecureRandom.random_bytes(64)
+
+  OpenSSLHelper::ALGORITHMS.each do |algorithm|
+    encrypted_value_with_iv = StringWithEncryptor.new
+    encrypted_value_with_iv << Encryptor.encrypt(value: original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+    encrypted_value_without_iv = StringWithEncryptor.new
+    encrypted_value_without_iv << Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
+
+    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      assert_equal encrypted_value_with_iv, original_value.encrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      assert_equal encrypted_value_without_iv, original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      assert_equal original_value, encrypted_value_with_iv.decrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      assert_equal original_value, encrypted_value_without_iv.decrypt(key: key, algorithm: algorithm, insecure_mode: true)
+    end
+
+    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      original_value_dup = original_value.dup
+      original_value_dup.encrypt!(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value.encrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true), original_value_dup
+    end
+
+    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      original_value_dup = original_value.dup
+      original_value_dup.encrypt!(key: key, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true), original_value_dup
+    end
+
+    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
+      encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
+      encrypted_value_with_iv_dup.decrypt!(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value, encrypted_value_with_iv_dup
+    end
+
+    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
+      encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
+      encrypted_value_without_iv_dup.decrypt!(key: key, algorithm: algorithm, insecure_mode: true)
+      assert_equal original_value, encrypted_value_without_iv_dup
+    end
+  end
+end

data/test/legacy_encryptor_test.rb

@@ -1,88 +1,47 @@
-require File.expand_path('../test_helper', __FILE__)
-require File.expand_path('../openssl_helper', __FILE__)
+require 'test_helper'
 
 # Tests for legacy (non-salted) encryption mode
 #
-class LegacyEncryptorTest < Test::Unit::TestCase
+class LegacyEncryptorTest < Minitest::Test
 
-  key = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
-  iv = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
-  original_value = Digest::SHA256.hexdigest(([Time.now.to_s] * rand(3)).join)
+  key = SecureRandom.random_bytes(64)
+  iv = SecureRandom.random_bytes(64)
+  original_value = SecureRandom.random_bytes(64)
 
   OpenSSLHelper::ALGORITHMS.each do |algorithm|
-    encrypted_value_with_iv = Encryptor.encrypt(:value => original_value, :key => key, :iv => iv, :algorithm => algorithm)
-    encrypted_value_without_iv = Encryptor.encrypt(:value => original_value, :key => key, :algorithm => algorithm)
+    encrypted_value_with_iv = Encryptor.encrypt(value: original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
+    encrypted_value_without_iv = Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
 
     define_method "test_should_crypt_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_not_equal original_value, encrypted_value_with_iv
-      assert_not_equal encrypted_value_without_iv, encrypted_value_with_iv
-      assert_equal original_value, Encryptor.decrypt(:value => encrypted_value_with_iv, :key => key, :iv => iv, :algorithm => algorithm)
+      refute_equal original_value, encrypted_value_with_iv
+      refute_equal encrypted_value_without_iv, encrypted_value_with_iv
+      assert_equal original_value, Encryptor.decrypt(value: encrypted_value_with_iv, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_crypt_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_not_equal original_value, encrypted_value_without_iv
-      assert_equal original_value, Encryptor.decrypt(:value => encrypted_value_without_iv, :key => key, :algorithm => algorithm)
+      refute_equal original_value, encrypted_value_without_iv
+      assert_equal original_value, Encryptor.decrypt(value: encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
-      assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, :key => key, :iv => iv, :algorithm => algorithm)
+      assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
-      assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, :key => key, :algorithm => algorithm)
+      assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, key: key, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
-      assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, :key => key, :iv => iv, :algorithm => algorithm)
+      assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
     end
 
     define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
-      assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, :key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_equal encrypted_value_with_iv, original_value.encrypt(:key => key, :iv => iv, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_equal encrypted_value_without_iv, original_value.encrypt(:key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      assert_equal original_value, encrypted_value_with_iv.decrypt(:key => key, :iv => iv, :algorithm => algorithm)
-    end
-
-    define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      assert_equal original_value, encrypted_value_without_iv.decrypt(:key => key, :algorithm => algorithm)
-    end
-
-    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      original_value_dup = original_value.dup
-      original_value_dup.encrypt!(:key => key, :iv => iv, :algorithm => algorithm)
-      assert_equal original_value.encrypt(:key => key, :iv => iv, :algorithm => algorithm), original_value_dup
-    end
-
-    define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      original_value_dup = original_value.dup
-      original_value_dup.encrypt!(:key => key, :algorithm => algorithm)
-      assert_equal original_value.encrypt(:key => key, :algorithm => algorithm), original_value_dup
-    end
-
-    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
-      encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
-      encrypted_value_with_iv_dup.decrypt!(:key => key, :iv => iv, :algorithm => algorithm)
-      assert_equal original_value, encrypted_value_with_iv_dup
-    end
-
-    define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
-      encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
-      encrypted_value_without_iv_dup.decrypt!(:key => key, :algorithm => algorithm)
-      assert_equal original_value, encrypted_value_without_iv_dup
+      assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
     end
   end
 
   define_method 'test_should_use_the_default_algorithm_if_one_is_not_specified' do
-    assert_equal Encryptor.encrypt(:value => original_value, :key => key, :algorithm => Encryptor.default_options[:algorithm]), Encryptor.encrypt(:value => original_value, :key => key)
+    assert_equal Encryptor.encrypt(value: original_value, key: key, algorithm: Encryptor.default_options[:algorithm], insecure_mode: true), Encryptor.encrypt(value: original_value, key: key, insecure_mode: true)
   end
 
   def test_should_have_a_default_algorithm
@@ -91,15 +50,15 @@ class LegacyEncryptorTest < Test::Unit::TestCase
   end
 
   def test_should_raise_argument_error_if_key_is_not_specified
-    assert_raises(ArgumentError) { Encryptor.encrypt('some value') }
-    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string') }
-    assert_raises(ArgumentError) { Encryptor.encrypt('some value', :key => '') }
-    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', :key => '') }
+    assert_raises(ArgumentError) { Encryptor.encrypt('some value', insecure_mode: true) }
+    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', insecure_mode: true) }
+    assert_raises(ArgumentError) { Encryptor.encrypt('some value', key: '', insecure_mode: true) }
+    assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', key: '', insecure_mode: true) }
   end
 
   def test_should_yield_block_with_cipher_and_options
     called = false
-    Encryptor.encrypt('some value', :key => 'some key') { |cipher, options| called = true }
+    Encryptor.encrypt('some value', key: 'some key', insecure_mode: true) { |cipher, options| called = true }
     assert called
   end