powerhome-attr_encrypted 1.0.1

data/Rakefile

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rake/testtask'
+require 'rdoc/task'
+require "bundler/gem_tasks"
+
+desc 'Test the attr_encrypted gem.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.warning = false
+  t.verbose = true
+end
+
+desc 'Generate documentation for the attr_encrypted gem.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'attr_encrypted'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+desc 'Default: run unit tests.'
+task :default => :test

data/attr_encrypted.gemspec

@@ -0,0 +1,63 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib/', __FILE__)
+$:.unshift lib unless $:.include?(lib)
+
+require 'attr_encrypted/version'
+require 'date'
+
+Gem::Specification.new do |s|
+  s.name    = 'powerhome-attr_encrypted'
+  s.version = AttrEncrypted::Version.string
+  s.date    = Date.today
+
+  s.summary     = "Power's version of the attr_encrypted gem"
+  s.description = 'Generates attr_accessors that encrypt and decrypt attributes transparently'
+
+  s.authors   = ['Wade Winningham', 'Ben Langfeld']
+  s.email    = ['wwinningham@powerhrg.com', 'ben@langfeld.me']
+  s.homepage = 'https://github.com/powerhome/attr_encrypted'
+  s.license = 'MIT'
+
+  s.require_paths = ['lib']
+
+  s.files      = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- test/*`.split("\n")
+
+  s.required_ruby_version = '>= 2.0.0'
+
+  s.add_dependency('encryptor', ['~> 3.0.0'])
+  # support for testing with specific active record version
+  activerecord_version = if ENV.key?('ACTIVERECORD')
+    "~> #{ENV['ACTIVERECORD']}"
+  else
+    '>= 2.0.0'
+  end
+  s.add_development_dependency('activerecord', activerecord_version)
+  s.add_development_dependency('actionpack', activerecord_version)
+  s.add_development_dependency('datamapper')
+  s.add_development_dependency('rake')
+  s.add_development_dependency('minitest')
+  s.add_development_dependency('sequel')
+  s.add_development_dependency('pry-byebug')
+  if RUBY_VERSION < '2.1.0'
+    s.add_development_dependency('nokogiri', '< 1.7.0')
+    s.add_development_dependency('public_suffix', '< 3.0.0')
+  end
+  if defined?(RUBY_ENGINE) && RUBY_ENGINE.to_sym == :jruby
+    s.add_development_dependency('activerecord-jdbcsqlite3-adapter')
+    s.add_development_dependency('jdbc-sqlite3', '< 3.8.7') # 3.8.7 is nice and broke
+  else
+    s.add_development_dependency('sqlite3', '~> 1.3.0', '>= 1.3.6')
+  end
+  s.add_development_dependency('dm-sqlite-adapter')
+  s.add_development_dependency('simplecov')
+  s.add_development_dependency('simplecov-rcov')
+  s.add_development_dependency("codeclimate-test-reporter", '<= 0.6.0')
+
+  s.post_install_message = "\n\n\nWARNING: Several insecure default options and features were deprecated in attr_encrypted v2.0.0.\n
+Additionally, there was a bug in Encryptor v2.0.0 that insecurely encrypted data when using an AES-*-GCM algorithm.\n
+This bug was fixed but introduced breaking changes between v2.x and v3.x.\n
+Please see the README for more information regarding upgrading to attr_encrypted v3.0.0.\n\n\n"
+
+end

data/certs/saghaulor.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRIwEAYDVQQDDAlzYWdo
+YXVsb3IxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkWA2Nv
+bTAeFw0xODAyMTIwMzMzMThaFw0xOTAyMTIwMzMzMThaMEAxEjAQBgNVBAMMCXNh
+Z2hhdWxvcjEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPyLGQBGRYD
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOLqbSmj5txfw39a
+Ki0g3BJWGrfGBiSRq9aThUGzoiaqyDo/m1WMQdgPioZG+P923okChEWFjhSymBQU
+eMdys6JRPm5ortp5sh9gesOWoozqb8R55d8rr1V7pY533cCut53Kb1wiitjkfXjR
+efT2HPh6nV6rYjGMJek/URaCNzsZo7HCkRsKdezP+BKr4V4wOka69tfJX5pcvFvR
+iiqfaiP4RK12hYdsFnSVKiKP7SAFTFiYcohbL8TUW6ezQQqJCK0M6fu74EWVCnBS
+gFVjj931BuD8qhuxMiB6uC6FKxemB5TRGBLzn7RcrOMAo2inMAopjkGeQJUAyVCm
+J5US3wIDAQABo3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU
+hJEuSZgvuuIhIsxQ/0pRQTBVzokwHgYDVR0RBBcwFYETc2FnaGF1bG9yQGdtYWls
+LmNvbTAeBgNVHRIEFzAVgRNzYWdoYXVsb3JAZ21haWwuY29tMA0GCSqGSIb3DQEB
+BQUAA4IBAQCsBS2cxqTmV4nXJEH/QbdgjVDAZbK6xf2gpM3vCRlYsy7Wz6GEoOpD
+bzRkjxZwGNbhXShMUZwm6zahYQ/L1/HFztLoMBMkm8EIfPxH0PDrP4aWl0oyWxmU
+OLm0/t9icSWRPPJ1tLJvuAaDdVpY5dEHd6VdnNJGQC5vHKRInt1kEyqEttIJ/xmJ
+leSEFyMeoFsR+C/WPG9WSC+xN0eXqakCu6YUJoQzCn/7znv8WxpHEbeZjNIHq0qb
+nbqZ/ZW1bwzj1T/NIbnMr37wqV29XwkI4+LbewMkb6/bDPYl0qZpAkCxKtGYCCJp
+l6KPs9K/72yH00dxuAhiTXikTkcLXeQJ
+-----END CERTIFICATE-----

data/checksum/attr_encrypted-3.0.0.gem.sha256

@@ -0,0 +1 @@
+845fc3cb09a19c3ac76192aba443788f92c880744617bca99b16fd31ce843e07

data/checksum/attr_encrypted-3.0.0.gem.sha512

@@ -0,0 +1 @@
+81a065442258cc3702aab62c7b2307a48ed3e0deb803600d11a7480cce0db7c43fd9929acd2755081042f8989236553fd694b6cb62776bbfc53f9165a22cbca1

data/checksum/attr_encrypted-3.0.1.gem.sha256

@@ -0,0 +1 @@
+33140af4b223177db7a19efb2fa38472a299a745b29ca1c5ba9d3fa947390b77

data/checksum/attr_encrypted-3.0.1.gem.sha512

@@ -0,0 +1 @@
+0c467cab98b9b2eb331f9818323a90ae01392d6cb03cf1f32faccc954d0fc54be65f0fc7bf751b0fce57925eef1c9e2af90181bc40d81ad93e21d15a001c53c6

data/checksum/attr_encrypted-3.0.2.gem.sha256

@@ -0,0 +1 @@
+c1256b459336d4a2012a0d0c70ce5cd3dac46acb5e78da6f77f6f104cb1e8b7b

data/checksum/attr_encrypted-3.0.2.gem.sha512

@@ -0,0 +1 @@
+dca0c8a729974c0e26fde4cd4216c7d0f66d9eca9f6cf0ccca64999f5180a00bf7c05b630c1d420ec1673141a2923946e8bd28b12e711faf64a4cd42c7a3ac9e

data/checksum/attr_encrypted-3.0.3.gem.sha256

@@ -0,0 +1 @@
+6d84c64852c4bbc0926b92fe7a93295671a9e69cb2939b96fb1e4b5e8a5b33b6

data/checksum/attr_encrypted-3.0.3.gem.sha512

@@ -0,0 +1 @@
+0f960e8a2f63c747c273241f7395dcceb0dd8a6f79349bee453db741fc7ea5ceb4342d7d5908e540e3b5acea2216ff38bef8c743e6e7c8559bacb4a731ab27c4

data/checksum/attr_encrypted-3.1.0.gem.sha256

@@ -0,0 +1 @@
+4f0682604714ed4599cf00771ad27e82f0b51b0ed8644af51a43d21fbe129b59

data/checksum/attr_encrypted-3.1.0.gem.sha512

@@ -0,0 +1 @@
+dc757a50c53175dc05adbfccb25b536f7f1a060c7bd626bfc72ff577479c6fe28d3b65747033276bd4bce3dad741b67235f3e01ea61409f6c67959da65df445b

data/lib/attr_encrypted.rb

@@ -0,0 +1,473 @@
+# frozen_string_literal: true
+
+require 'encryptor'
+
+# Adds attr_accessors that encrypt and decrypt an object's attributes
+module AttrEncrypted
+  autoload :Version, 'attr_encrypted/version'
+
+  def self.extended(base) # :nodoc:
+    base.class_eval do
+      include InstanceMethods
+      attr_writer :attr_encrypted_options
+      @attr_encrypted_options, @encrypted_attributes = {}, {}
+    end
+  end
+
+  # Generates attr_accessors that encrypt and decrypt attributes transparently
+  #
+  # Options (any other options you specify are passed to the Encryptor's encrypt and decrypt methods)
+  #
+  #   attribute:            The name of the referenced encrypted attribute. For example
+  #                         <tt>attr_accessor :email, attribute: :ee</tt> would generate an
+  #                         attribute named 'ee' to store the encrypted email. This is useful when defining
+  #                         one attribute to encrypt at a time or when the :prefix and :suffix options
+  #                         aren't enough.
+  #                         Defaults to nil.
+  #
+  #   prefix:               A prefix used to generate the name of the referenced encrypted attributes.
+  #                         For example <tt>attr_accessor :email, prefix: 'crypted_'</tt> would
+  #                         generate attributes named 'crypted_email' to store the encrypted
+  #                         email and password.
+  #                         Defaults to 'encrypted_'.
+  #
+  #   suffix:               A suffix used to generate the name of the referenced encrypted attributes.
+  #                         For example <tt>attr_accessor :email, prefix: '', suffix: '_encrypted'</tt>
+  #                         would generate attributes named 'email_encrypted' to store the
+  #                         encrypted email.
+  #                         Defaults to ''.
+  #
+  #   key:                  The encryption key. This option may not be required if
+  #                         you're using a custom encryptor. If you pass a symbol
+  #                         representing an instance method then the :key option
+  #                         will be replaced with the result of the method before
+  #                         being passed to the encryptor. Objects that respond
+  #                         to :call are evaluated as well (including procs).
+  #                         Any other key types will be passed directly to the encryptor.
+  #                         Defaults to nil.
+  #
+  #   encode:               If set to true, attributes will be encoded as well as
+  #                         encrypted. This is useful if you're planning on storing
+  #                         the encrypted attributes in a database. The default
+  #                         encoding is 'm' (base64), however this can be overwritten
+  #                         by setting the :encode option to some other encoding
+  #                         string instead of just 'true'. See
+  #                         http://www.ruby-doc.org/core/classes/Array.html#M002245
+  #                         for more encoding directives.
+  #                         Defaults to false unless you're using it with ActiveRecord, DataMapper, or Sequel.
+  #
+  #   encode_iv:            Defaults to true.
+
+  #   encode_salt:          Defaults to true.
+  #
+  #   default_encoding:     Defaults to 'm' (base64).
+  #
+  #   marshal:              If set to true, attributes will be marshaled as well
+  #                         as encrypted. This is useful if you're planning on
+  #                         encrypting something other than a string.
+  #                         Defaults to false.
+  #
+  #   marshaler:            The object to use for marshaling.
+  #                         Defaults to Marshal.
+  #
+  #   dump_method:          The dump method name to call on the <tt>:marshaler</tt> object to.
+  #                         Defaults to 'dump'.
+  #
+  #   load_method:          The load method name to call on the <tt>:marshaler</tt> object.
+  #                         Defaults to 'load'.
+  #
+  #   encryptor:            The object to use for encrypting.
+  #                         Defaults to Encryptor.
+  #
+  #   encrypt_method:       The encrypt method name to call on the <tt>:encryptor</tt> object.
+  #                         Defaults to 'encrypt'.
+  #
+  #   decrypt_method:       The decrypt method name to call on the <tt>:encryptor</tt> object.
+  #                         Defaults to 'decrypt'.
+  #
+  #   if:                   Attributes are only encrypted if this option evaluates
+  #                         to true. If you pass a symbol representing an instance
+  #                         method then the result of the method will be evaluated.
+  #                         Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                         Defaults to true.
+  #
+  #   unless:               Attributes are only encrypted if this option evaluates
+  #                         to false. If you pass a symbol representing an instance
+  #                         method then the result of the method will be evaluated.
+  #                         Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                         Defaults to false.
+  #
+  #   mode:                 Selects encryption mode for attribute: choose <tt>:single_iv_and_salt</tt> for compatibility
+  #                         with the old attr_encrypted API: the IV is derived from the encryption key by the underlying Encryptor class; salt is not used.
+  #                         The <tt>:per_attribute_iv_and_salt</tt> mode uses a per-attribute IV and salt. The salt is used to derive a unique key per attribute.
+  #                         A <tt>:per_attribute_iv</default> mode derives a unique IV per attribute; salt is not used.
+  #                         Defaults to <tt>:per_attribute_iv</tt>.
+  #
+  #   allow_empty_value:    Attributes which have nil or empty string values will not be encrypted unless this option
+  #                         has a truthy value.
+  #
+  # You can specify your own default options
+  #
+  #   class User
+  #     # Now all attributes will be encoded and marshaled by default
+  #     attr_encrypted_options.merge!(encode: true, marshal: true, some_other_option: true)
+  #     attr_encrypted :configuration, key: 'my secret key'
+  #   end
+  #
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, key: 'some secret key'
+  #     attr_encrypted :configuration, key: 'some other secret key', marshal: true
+  #   end
+  #
+  #   @user = User.new
+  #   @user.encrypted_email # nil
+  #   @user.email? # false
+  #   @user.email = 'test@example.com'
+  #   @user.email? # true
+  #   @user.encrypted_email # returns the encrypted version of 'test@example.com'
+  #
+  #   @user.configuration = { time_zone: 'UTC' }
+  #   @user.encrypted_configuration # returns the encrypted version of configuration
+  #
+  #   See README for more examples
+  def attr_encrypted(*attributes)
+    options = attributes.last.is_a?(Hash) ? attributes.pop : {}
+    options = attr_encrypted_default_options.dup.merge!(attr_encrypted_options).merge!(options)
+
+    options[:encode] = options[:default_encoding] if options[:encode] == true
+    options[:encode_iv] = options[:default_encoding] if options[:encode_iv] == true
+    options[:encode_salt] = options[:default_encoding] if options[:encode_salt] == true
+
+    attributes.each do |attribute|
+      encrypted_attribute_name = (options[:attribute] ? options[:attribute] : [options[:prefix], attribute, options[:suffix]].join).to_sym
+
+      instance_methods_as_symbols = attribute_instance_methods_as_symbols
+
+      if attribute_instance_methods_as_symbols_available?
+        attr_reader encrypted_attribute_name unless instance_methods_as_symbols.include?(encrypted_attribute_name)
+        attr_writer encrypted_attribute_name unless instance_methods_as_symbols.include?(:"#{encrypted_attribute_name}=")
+
+        iv_name = "#{encrypted_attribute_name}_iv".to_sym
+        attr_reader iv_name unless instance_methods_as_symbols.include?(iv_name)
+        attr_writer iv_name unless instance_methods_as_symbols.include?(:"#{iv_name}=")
+
+        salt_name = "#{encrypted_attribute_name}_salt".to_sym
+        attr_reader salt_name unless instance_methods_as_symbols.include?(salt_name)
+        attr_writer salt_name unless instance_methods_as_symbols.include?(:"#{salt_name}=")
+      end
+
+      define_method(attribute) do
+        instance_variable_get("@#{attribute}") || instance_variable_set("@#{attribute}", decrypt(attribute, send(encrypted_attribute_name)))
+      end
+
+      define_method("#{attribute}=") do |value|
+        send("#{encrypted_attribute_name}=", encrypt(attribute, value))
+        instance_variable_set("@#{attribute}", value)
+      end
+
+      define_method("#{attribute}?") do
+        value = send(attribute)
+        value.respond_to?(:empty?) ? !value.empty? : !!value
+      end
+
+      encrypted_attributes[attribute.to_sym] = options.merge(attribute: encrypted_attribute_name)
+    end
+  end
+
+  alias_method :attr_encryptor, :attr_encrypted
+
+  # Default options to use with calls to <tt>attr_encrypted</tt>
+  #
+  # It will inherit existing options from its superclass
+  def attr_encrypted_options
+    @attr_encrypted_options ||= superclass.attr_encrypted_options.dup
+  end
+
+  def attr_encrypted_default_options
+    {
+      prefix:            'encrypted_',
+      suffix:            '',
+      if:                true,
+      unless:            false,
+      encode:            false,
+      encode_iv:         true,
+      encode_salt:       true,
+      default_encoding:  'm',
+      marshal:           false,
+      marshaler:         Marshal,
+      dump_method:       'dump',
+      load_method:       'load',
+      encryptor:         Encryptor,
+      encrypt_method:    'encrypt',
+      decrypt_method:    'decrypt',
+      mode:              :per_attribute_iv,
+      algorithm:         'aes-256-gcm',
+      allow_empty_value: false,
+    }
+  end
+
+  private :attr_encrypted_default_options
+
+  # Checks if an attribute is configured with <tt>attr_encrypted</tt>
+  #
+  # Example
+  #
+  #   class User
+  #     attr_accessor :name
+  #     attr_encrypted :email
+  #   end
+  #
+  #   User.attr_encrypted?(:name)  # false
+  #   User.attr_encrypted?(:email) # true
+  def attr_encrypted?(attribute)
+    encrypted_attributes.has_key?(attribute.to_sym)
+  end
+
+  # Decrypts a value for the attribute specified
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email
+  #   end
+  #
+  #   email = User.decrypt(:email, 'SOME_ENCRYPTED_EMAIL_STRING')
+  def decrypt(attribute, encrypted_value, options = {})
+    options = encrypted_attributes[attribute.to_sym].merge(options)
+    if options[:if] && !options[:unless] && not_empty?(encrypted_value)
+      encrypted_value = encrypted_value.unpack(options[:encode]).first if options[:encode]
+      value = options[:encryptor].send(options[:decrypt_method], options.merge!(value: encrypted_value))
+      if options[:marshal]
+        value = options[:marshaler].send(options[:load_method], value)
+      elsif defined?(Encoding)
+        encoding = Encoding.default_internal || Encoding.default_external
+        value = value.force_encoding(encoding.name)
+      end
+      value
+    else
+      encrypted_value
+    end
+  end
+
+  # Encrypts a value for the attribute specified
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email
+  #   end
+  #
+  #   encrypted_email = User.encrypt(:email, 'test@example.com')
+  def encrypt(attribute, value, options = {})
+    options = encrypted_attributes[attribute.to_sym].merge(options)
+    if options[:if] && !options[:unless] && (options[:allow_empty_value] || not_empty?(value))
+      value = options[:marshal] ? options[:marshaler].send(options[:dump_method], value) : value.to_s
+      encrypted_value = options[:encryptor].send(options[:encrypt_method], options.merge!(value: value))
+      encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
+      encrypted_value
+    else
+      value
+    end
+  end
+
+  def not_empty?(value)
+    !value.nil? && !(value.is_a?(String) && value.empty?)
+  end
+
+  # Contains a hash of encrypted attributes with virtual attribute names as keys
+  # and their corresponding options as values
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, key: 'my secret key'
+  #   end
+  #
+  #   User.encrypted_attributes # { email: { attribute: 'encrypted_email', key: 'my secret key' } }
+  def encrypted_attributes
+    @encrypted_attributes ||= superclass.encrypted_attributes.dup
+  end
+
+  # Forwards calls to :encrypt_#{attribute} or :decrypt_#{attribute} to the corresponding encrypt or decrypt method
+  # if attribute was configured with attr_encrypted
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, key: 'my secret key'
+  #   end
+  #
+  #   User.encrypt_email('SOME_ENCRYPTED_EMAIL_STRING')
+  def method_missing(method, *arguments, &block)
+    if method.to_s =~ /^((en|de)crypt)_(.+)$/ && attr_encrypted?($3)
+      send($1, $3, *arguments)
+    else
+      super
+    end
+  end
+
+  module InstanceMethods
+    # Decrypts a value for the attribute specified using options evaluated in the current object's scope
+    #
+    # Example
+    #
+    #  class User
+    #    attr_accessor :secret_key
+    #    attr_encrypted :email, key: :secret_key
+    #
+    #    def initialize(secret_key)
+    #      self.secret_key = secret_key
+    #    end
+    #  end
+    #
+    #  @user = User.new('some-secret-key')
+    #  @user.decrypt(:email, 'SOME_ENCRYPTED_EMAIL_STRING')
+    def decrypt(attribute, encrypted_value)
+      encrypted_attributes[attribute.to_sym][:operation] = :decrypting
+      encrypted_attributes[attribute.to_sym][:value_present] = self.class.not_empty?(encrypted_value)
+      self.class.decrypt(attribute, encrypted_value, evaluated_attr_encrypted_options_for(attribute))
+    end
+
+    # Encrypts a value for the attribute specified using options evaluated in the current object's scope
+    #
+    # Example
+    #
+    #  class User
+    #    attr_accessor :secret_key
+    #    attr_encrypted :email, key: :secret_key
+    #
+    #    def initialize(secret_key)
+    #      self.secret_key = secret_key
+    #    end
+    #  end
+    #
+    #  @user = User.new('some-secret-key')
+    #  @user.encrypt(:email, 'test@example.com')
+    def encrypt(attribute, value)
+      encrypted_attributes[attribute.to_sym][:operation] = :encrypting
+      encrypted_attributes[attribute.to_sym][:value_present] = self.class.not_empty?(value)
+      self.class.encrypt(attribute, value, evaluated_attr_encrypted_options_for(attribute))
+    end
+
+    # Copies the class level hash of encrypted attributes with virtual attribute names as keys
+    # and their corresponding options as values to the instance
+    #
+    def encrypted_attributes
+      @encrypted_attributes ||= begin
+        duplicated= {}
+        self.class.encrypted_attributes.map { |key, value| duplicated[key] = value.dup }
+        duplicated
+      end
+    end
+
+    protected
+
+      # Returns attr_encrypted options evaluated in the current object's scope for the attribute specified
+      def evaluated_attr_encrypted_options_for(attribute)
+        evaluated_options = Hash.new
+        attributes = encrypted_attributes[attribute.to_sym]
+        attribute_option_value = attributes[:attribute]
+
+        [:if, :unless, :value_present, :allow_empty_value].each do |option|
+          evaluated_options[option] = evaluate_attr_encrypted_option(attributes[option])
+        end
+
+        evaluated_options[:attribute] = attribute_option_value
+
+        evaluated_options.tap do |options|
+          if options[:if] && !options[:unless] && options[:value_present] || options[:allow_empty_value]
+            (attributes.keys - evaluated_options.keys).each do |option|
+              options[option] = evaluate_attr_encrypted_option(attributes[option])
+            end
+
+            unless options[:mode] == :single_iv_and_salt
+              load_iv_for_attribute(attribute, options)
+            end
+
+            if options[:mode] == :per_attribute_iv_and_salt
+              load_salt_for_attribute(attribute, options)
+            end
+          end
+        end
+      end
+
+      # Evaluates symbol (method reference) or proc (responds to call) options
+      #
+      # If the option is not a symbol or proc then the original option is returned
+      def evaluate_attr_encrypted_option(option)
+        if option.is_a?(Symbol) && respond_to?(option, true)
+          send(option)
+        elsif option.respond_to?(:call)
+          option.call(self)
+        else
+          option
+        end
+      end
+
+      def load_iv_for_attribute(attribute, options)
+        encrypted_attribute_name = options[:attribute]
+        encode_iv = options[:encode_iv]
+        iv = options[:iv] || send("#{encrypted_attribute_name}_iv")
+        if options[:operation] == :encrypting
+          begin
+            iv = generate_iv(options[:algorithm])
+            iv = [iv].pack(encode_iv) if encode_iv
+            send("#{encrypted_attribute_name}_iv=", iv)
+          rescue RuntimeError
+          end
+        end
+        if iv && !iv.empty?
+          iv = iv.unpack(encode_iv).first if encode_iv
+          options[:iv] = iv
+        end
+      end
+
+      def generate_iv(algorithm)
+        algo = OpenSSL::Cipher.new(algorithm)
+        algo.encrypt
+        algo.random_iv
+      end
+
+      def load_salt_for_attribute(attribute, options)
+        encrypted_attribute_name = options[:attribute]
+        encode_salt = options[:encode_salt]
+        salt = options[:salt] || send("#{encrypted_attribute_name}_salt")
+        if options[:operation] == :encrypting
+          salt = SecureRandom.random_bytes
+          salt = prefix_and_encode_salt(salt, encode_salt) if encode_salt
+          send("#{encrypted_attribute_name}_salt=", salt)
+        end
+        if salt && !salt.empty?
+          salt = decode_salt_if_encoded(salt, encode_salt) if encode_salt
+          options[:salt] = salt
+        end
+      end
+
+      def prefix_and_encode_salt(salt, encoding)
+        prefix = '_'
+        prefix + [salt].pack(encoding)
+      end
+
+      def decode_salt_if_encoded(salt, encoding)
+        prefix = '_'
+        salt.slice(0).eql?(prefix) ? salt.slice(1..-1).unpack(encoding).first : salt
+      end
+  end
+
+  protected
+
+  def attribute_instance_methods_as_symbols
+    instance_methods.collect { |method| method.to_sym }
+  end
+
+  def attribute_instance_methods_as_symbols_available?
+    true
+  end
+
+end
+
+
+Dir[File.join(File.dirname(__FILE__), 'attr_encrypted', 'adapters', '*.rb')].each { |adapter| require adapter }