symmetric-encryption 3.7.2 → 3.8.0

data/lib/symmetric_encryption/coerce.rb

@@ -0,0 +1,75 @@
+module SymmetricEncryption
+  # For coercing data types to from strings
+  module Coerce
+    TYPE_MAP = {
+      string:   String,
+      integer:  Integer,
+      float:    Float,
+      decimal:  BigDecimal,
+      datetime: DateTime,
+      time:     Time,
+      date:     Date
+    }
+
+    # Coerce given value into given type
+    # Does not coerce json or yaml values
+    def self.coerce(value, type, from_type=nil)
+      return if value.nil? || (value.is_a?(String) && (value !~ /[^[:space:]]/))
+
+      from_type ||= value.class
+      case type
+      when :json
+        value
+      when :yaml
+        value
+      else
+        coercer = Coercible::Coercer.new
+        coercer[from_type].send("to_#{type}".to_sym, value)
+      end
+    end
+
+    # Uses coercible gem to coerce values from strings into the target type
+    # Note: if the type is :string, then the value is returned as is, and the
+    #   coercible gem is not used at all.
+    def self.coerce_from_string(value, type)
+      return if value.nil?
+      case type
+      when :string
+        value
+      when :json
+        JSON.load(value)
+      when :yaml
+        YAML.load(value)
+      else
+        self.coerce(value, type, String)
+      end
+    end
+
+    # Uses coercible gem to coerce values to strings from the specified type
+    # Note: if the type is :string, and value is not nil, then #to_s is called
+    #   on the value and the coercible gem is not used at all.
+    def self.coerce_to_string(value, type)
+      return if value.nil?
+
+      case type
+      when :string
+        value.to_s
+      when :json
+        value.to_json
+      when :yaml
+        value.to_yaml
+      else
+        self.coerce(value, :string, coercion_type(type, value))
+      end
+    end
+
+    # Returns the correct coercion type to use for the specified symbol and value
+    def self.coercion_type(symbol, value)
+      if symbol == :boolean
+        value.class
+      else
+        TYPE_MAP[symbol]
+      end
+    end
+  end
+end

data/lib/symmetric_encryption/config.rb

@@ -0,0 +1,88 @@
+module SymmetricEncryption
+  module Config
+    # Load the Encryption Configuration from a YAML file
+    #  filename:
+    #    Name of file to read.
+    #        Mandatory for non-Rails apps
+    #        Default: Rails.root/config/symmetric-encryption.yml
+    #  environment:
+    #    Which environments config to load. Usually: production, development, etc.
+    #    Default: Rails.env
+    def self.load!(filename=nil, environment=nil)
+      config  = read_config(filename, environment)
+      ciphers = extract_ciphers(config)
+
+      SymmetricEncryption.cipher            = ciphers.shift
+      SymmetricEncryption.secondary_ciphers = ciphers
+      true
+    end
+
+    private
+
+    # Returns [Hash] the configuration for the supplied environment
+    def self.read_config(filename=nil, environment=nil)
+      config_filename = filename || File.join(Rails.root, 'config', 'symmetric-encryption.yml')
+      cfg             = YAML.load(ERB.new(File.new(config_filename).read).result)[environment || Rails.env]
+      extract_config(cfg)
+    end
+
+    # Returns [ private_rsa_key, ciphers ] config
+    def self.extract_config(config)
+      config = deep_symbolize_keys(config)
+
+      # Old format?
+      unless config.has_key?(:ciphers)
+        config = {
+          private_rsa_key: config.delete(:private_rsa_key),
+          ciphers:         [config]
+        }
+      end
+
+      # Old format cipher name?
+      config[:ciphers] = config[:ciphers].collect do |cipher|
+        if old_key_name_cipher = cipher.delete(:cipher)
+          cipher[:cipher_name] = old_key_name_cipher
+        end
+        cipher
+      end
+      config
+    end
+
+    # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file
+    #
+    # Read the configuration from the YAML file and return in the latest format
+    #
+    #  filename:
+    #    Name of file to read.
+    #        Mandatory for non-Rails apps
+    #        Default: Rails.root/config/symmetric-encryption.yml
+    #  environment:
+    #    Which environments config to load. Usually: production, development, etc.
+    def self.extract_ciphers(config)
+      # RSA key to decrypt key files
+      private_rsa_key = config[:private_rsa_key]
+
+      config[:ciphers].collect do |cipher_config|
+        Cipher.new({private_rsa_key: private_rsa_key}.merge(cipher_config))
+      end
+    end
+
+    # Iterate through the Hash symbolizing all keys
+    def self.deep_symbolize_keys(x)
+      case x
+      when Hash
+        result = {}
+        x.each_pair do |key, value|
+          key         = key.to_sym if key.is_a?(String)
+          result[key] = deep_symbolize_keys(value)
+        end
+        result
+      when Array
+        x.collect { |i| deep_symbolize_keys(i) }
+      else
+        x
+      end
+    end
+
+  end
+end

data/lib/symmetric_encryption/extensions/active_record/base.rb

@@ -41,7 +41,7 @@ module ActiveRecord #:nodoc:
         # Ignore failures since the table may not yet actually exist
         define_attribute_methods rescue nil
 
-        options   = params.last.is_a?(Hash) ? params.pop.dup : {}
+        options = params.last.is_a?(Hash) ? params.pop.dup : {}
 
         params.each do |attribute|
           SymmetricEncryption::Generator.generate_decrypted_accessors(self, attribute, "encrypted_#{attribute}", options)
@@ -129,7 +129,7 @@ module ActiveRecord #:nodoc:
           attribute_names.each_with_index do |attribute, index|
             encrypted_name = "encrypted_#{attribute}"
             if method_defined? encrypted_name.to_sym
-              args[index] = ::SymmetricEncryption.encrypt(args[index])
+              args[index]            = ::SymmetricEncryption.encrypt(args[index])
               attribute_names[index] = encrypted_name
             end
           end

data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb

@@ -10,7 +10,7 @@
 #  Mongoid.load!('config/mongoid.yml')
 #
 #  # Initialize SymmetricEncryption in a standalone environment. In a Rails app this is not required
-#  SymmetricEncryption.load!('config/symmetric-encryption.yml', 'test')
+#  SymmetricEncryption::Config.load!('config/symmetric-encryption.yml', 'test')
 #
 #  class Person
 #    include Mongoid::Document
@@ -89,7 +89,7 @@
 # @return [ Field ] The generated field
 Mongoid::Fields.option :encrypted do |model, field, options|
   if options != false
-    options = options.is_a?(Hash) ? options.dup : {}
+    options              = options.is_a?(Hash) ? options.dup : {}
     encrypted_field_name = field.name
 
     # Support overriding the name of the decrypted attribute

data/lib/symmetric_encryption/generator.rb

@@ -24,7 +24,7 @@ module SymmetricEncryption
         # Also updates the encrypted field with the encrypted value
         # Freeze the decrypted field value so that it is not modified directly
         def #{decrypted_name}=(value)
-          v = SymmetricEncryption::coerce(value, :#{type})
+          v = SymmetricEncryption::Coerce.coerce(value, :#{type})
           self.#{encrypted_name} = @stored_#{encrypted_name} = ::SymmetricEncryption.encrypt(v,#{random_iv},#{compress},:#{type})
           @#{decrypted_name} = v.freeze
         end
@@ -40,6 +40,10 @@ module SymmetricEncryption
           @#{decrypted_name}
         end
 
+        # Map changes to encrypted value to unencrypted equivalent
+        def #{decrypted_name}_changed?
+          #{encrypted_name}_changed?
+        end
       EOS
     end
   end

data/lib/symmetric_encryption/railtie.rb

@@ -17,7 +17,7 @@ module SymmetricEncryption #:nodoc:
     config.symmetric_encryption = ::SymmetricEncryption
 
     rake_tasks do
-      load "symmetric_encryption/railties/symmetric_encryption.rake"
+      load 'symmetric_encryption/railties/symmetric_encryption.rake'
     end
 
     # Initialize Symmetry. This will look for a symmetry.yml in the config
@@ -35,9 +35,9 @@ module SymmetricEncryption #:nodoc:
     config.before_configuration do
       # Check if already configured
       unless ::SymmetricEncryption.cipher?
-        config_file = Rails.root.join("config", "symmetric-encryption.yml")
+        config_file = Rails.root.join('config', 'symmetric-encryption.yml')
         if config_file.file?
-          ::SymmetricEncryption.load!(config_file, Rails.env)
+          ::SymmetricEncryption::Config.load!(config_file, Rails.env)
         else
           puts "\nSymmetric Encryption config not found."
           puts "To generate one for the first time: rails generate symmetric_encryption:config\n\n"

data/lib/symmetric_encryption/railties/symmetric_encryption.rake

@@ -17,11 +17,11 @@ namespace :symmetric_encryption do
     password2 = 0
 
     while password1 != password2
-      password1 = HighLine.new.ask("Enter the value to encrypt:") { |q| q.echo = "*" }
-      password2 = HighLine.new.ask("Re-enter the value to encrypt:") { |q| q.echo = "*" }
+      password1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
+      password2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
 
       if (password1 != password2)
-        puts "Passwords do not match, please try again"
+        puts 'Passwords do not match, please try again'
       end
     end
     puts "\nEncrypted: #{SymmetricEncryption.encrypt(password1)}\n\n"
@@ -51,7 +51,7 @@ namespace :symmetric_encryption do
       end
       puts "\n#{output_filename} now contains the decrypted contents of #{input_filename}\n\n"
     else
-      puts "Missing input and/or output filename. Usage:"
+      puts 'Missing input and/or output filename. Usage:'
       puts '  INFILE="encrypted_filename" OUTFILE="filename" rake symmetric_encryption:decrypt_file'
     end
   end
@@ -74,9 +74,9 @@ namespace :symmetric_encryption do
       end
       puts "\n#{output_filename} now contains the encrypted #{"and compressed " if compress}contents of #{input_filename}\n\n"
     else
-      puts "Missing input and/or output filename. Usage:"
+      puts 'Missing input and/or output filename. Usage:'
       puts '  INFILE="filename" OUTFILE="encrypted_filename" rake symmetric_encryption:encrypt_file'
-      puts "To compress the file before encrypting:"
+      puts 'To compress the file before encrypting:'
       puts '  COMPRESS=1 INFILE="filename" OUTFILE="encrypted_filename" rake symmetric_encryption:encrypt_file'
     end
   end

data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb

@@ -13,6 +13,6 @@
 #  #  => true
 class SymmetricEncryptionValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
-    record.errors.add(attribute, "must be a value encrypted using SymmetricEncryption.encrypt") unless SymmetricEncryption.encrypted?(value)
+    record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt') unless SymmetricEncryption.encrypted?(value)
   end
 end

data/lib/symmetric_encryption/reader.rb

@@ -94,12 +94,12 @@ module SymmetricEncryption
     # Returns [true|false] whether the file or stream contains any data
     # excluding the header should it have one
     def self.empty?(filename_or_stream)
-      open(filename_or_stream) {|file| file.eof? }
+      open(filename_or_stream) { |file| file.eof? }
     end
 
     # Returns [true|false] whether the file contains the encryption header
     def self.header_present?(filename)
-      ::File.open(filename, 'rb') {|file| new(file).header_present?}
+      ::File.open(filename, 'rb') { |file| new(file).header_present? }
     end
 
     # After opening a file Returns [true|false] whether the file being
@@ -109,7 +109,7 @@ module SymmetricEncryption
     end
 
     # Decrypt data before reading from the supplied stream
-    def initialize(ios,options={})
+    def initialize(ios, options={})
       @ios            = ios
       @buffer_size    = options.fetch(:buffer_size, 4096).to_i
       @version        = options[:version]
@@ -193,12 +193,12 @@ module SymmetricEncryption
         elsif @read_buffer.length > length
           data = @read_buffer.slice!(0..length-1)
         else
-          data = @read_buffer
+          data         = @read_buffer
           @read_buffer = ''
         end
       else
         # Capture anything already in the buffer
-        data = @read_buffer
+        data         = @read_buffer
         @read_buffer = ''
 
         if !@ios.eof?
@@ -216,14 +216,14 @@ module SymmetricEncryption
     # Raises EOFError on eof
     # The stream must be opened for reading or an IOError will be raised.
     def readline(sep_string = "\n")
-      gets(sep_string) || raise(EOFError.new("End of file reached when trying to read a line"))
+      gets(sep_string) || raise(EOFError.new('End of file reached when trying to read a line'))
     end
 
     # Reads a single decrypted line from the file up to and including the optional sep_string.
     # A sep_string of nil reads the entire contents of the file
     # Returns nil on eof
     # The stream must be opened for reading or an IOError will be raised.
-    def gets(sep_string,length=nil)
+    def gets(sep_string, length=nil)
       return read(length) if sep_string.nil?
 
       # Read more data until we get the sep_string
@@ -232,8 +232,8 @@ module SymmetricEncryption
         read_block
       end
       index ||= -1
-      data = @read_buffer.slice!(0..index)
-      @pos += data.length
+      data  = @read_buffer.slice!(0..index)
+      @pos  += data.length
       return nil if data.length == 0 && eof?
       data
     end
@@ -300,7 +300,7 @@ module SymmetricEncryption
         size = 0
         while !eof
           read_block
-          size += @read_buffer.size
+          size         += @read_buffer.size
           @read_buffer = ''
         end
         rewind
@@ -316,13 +316,15 @@ module SymmetricEncryption
 
     # Read the header from the file if present
     def read_header
-      @pos = 0
+      @pos              = 0
 
       # Read first block and check for the header
-      buf = @ios.read(@buffer_size)
+      buf               = @ios.read(@buffer_size)
 
       # Use cipher specified in header, or global cipher if it has no header
-      iv, key, cipher_name, decryption_cipher = nil
+      iv, key           = nil
+      cipher_name       = nil
+      decryption_cipher = nil
       if header = SymmetricEncryption::Cipher.parse_header!(buf)
         @header_present   = true
         @compressed       = header.compressed
@@ -340,7 +342,7 @@ module SymmetricEncryption
       @stream_cipher = ::OpenSSL::Cipher.new(cipher_name)
       @stream_cipher.decrypt
       @stream_cipher.key = key || decryption_cipher.send(:key)
-      @stream_cipher.iv = iv || decryption_cipher.iv
+      @stream_cipher.iv  = iv || decryption_cipher.iv
 
       # First call to #update should return an empty string anyway
       if buf && buf.length > 0

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -10,9 +10,9 @@ require 'erb'
 module SymmetricEncryption
 
   # Defaults
-  @@cipher = nil
+  @@cipher            = nil
   @@secondary_ciphers = []
-  @@select_cipher = nil
+  @@select_cipher     = nil
 
   # List of types supported when encrypting or decrypting data
   #
@@ -26,7 +26,7 @@ module SymmetricEncryption
   #   :date      => Date
   #   :json      => Uses JSON serialization, useful for hashes and arrays
   #   :yaml      => Uses YAML serialization, useful for hashes and arrays
-  COERCION_TYPES = [:string, :integer, :float, :decimal, :datetime, :time, :date, :boolean, :json, :yaml]
+  COERCION_TYPES      = [:string, :integer, :float, :decimal, :datetime, :time, :date, :boolean, :json, :yaml]
 
   # Set the Primary Symmetric Cipher to be used
   #
@@ -49,7 +49,7 @@ module SymmetricEncryption
   def self.cipher(version = nil)
     raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
     return @@cipher if version.nil? || (@@cipher.version == version)
-    secondary_ciphers.find {|c| c.version == version} || (@@cipher if version == 0)
+    secondary_ciphers.find { |c| c.version == version } || (@@cipher if version == 0)
   end
 
   # Returns whether a primary cipher has been set
@@ -59,9 +59,9 @@ module SymmetricEncryption
 
   # Set the Secondary Symmetric Ciphers Array to be used
   def self.secondary_ciphers=(secondary_ciphers)
-    raise(ArgumentError, "secondary_ciphers must be a collection") unless secondary_ciphers.respond_to? :each
+    raise(ArgumentError, 'secondary_ciphers must be a collection') unless secondary_ciphers.respond_to? :each
     secondary_ciphers.each do |cipher|
-      raise(ArgumentError, "secondary_ciphers can only consist of SymmetricEncryption::Ciphers") unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+      raise(ArgumentError, 'secondary_ciphers can only consist of SymmetricEncryption::Ciphers') unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
     end
     @@secondary_ciphers = secondary_ciphers
   end
@@ -109,28 +109,27 @@ module SymmetricEncryption
     raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
     return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
 
-    str = encrypted_and_encoded_string.to_s
+    str     = encrypted_and_encoded_string.to_s
 
     # Decode before decrypting supplied string
     decoded = @@cipher.decode(str)
     return unless decoded
     return decoded if decoded.empty?
 
-    decrypted = if header = Cipher.parse_header!(decoded)
-      header.decryption_cipher.binary_decrypt(decoded, header)
-    else
-      # Use cipher_selector if present to decide which cipher to use
-      c = @@select_cipher.nil? ? cipher(version) : @@select_cipher.call(str, decoded)
-      c.binary_decrypt(decoded)
-    end
-
-    if defined?(Encoding)
-      # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
-      unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
-        decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+    decrypted =
+      if header = Cipher.parse_header!(decoded)
+        header.decryption_cipher.binary_decrypt(decoded, header)
+      else
+        # Use cipher_selector if present to decide which cipher to use
+        c = @@select_cipher.nil? ? cipher(version) : @@select_cipher.call(str, decoded)
+        c.binary_decrypt(decoded)
       end
+
+    # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
+    unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+      decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
     end
-    coerce_from_string(decrypted, type)
+    Coerce.coerce_from_string(decrypted, type)
   end
 
   # AES Symmetric Encryption of supplied string
@@ -179,7 +178,7 @@ module SymmetricEncryption
     raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
 
     # Encrypt and then encode the supplied string
-    @@cipher.encrypt(coerce_to_string(str, type), random_iv, compress)
+    @@cipher.encrypt(Coerce.coerce_to_string(str, type), random_iv, compress)
   end
 
   # Invokes decrypt
@@ -255,10 +254,7 @@ module SymmetricEncryption
   #    Which environments config to load. Usually: production, development, etc.
   #    Default: Rails.env
   def self.load!(filename=nil, environment=nil)
-    ciphers = read_config(filename, environment)
-    @@cipher = ciphers.shift
-    @@secondary_ciphers = ciphers
-    true
+    Config.load!(filename, environment)
   end
 
   # Generate new random symmetric keys for use with this Encryption library
@@ -266,53 +262,16 @@ module SymmetricEncryption
   # Note: Only the current Encryption key settings are used
   #
   # Creates Symmetric Key .key
-  #   and initilization vector .iv
+  #   and initialization vector .iv
   #       which is encrypted with the above Public key
   #
   # Existing key files will be renamed if present
   def self.generate_symmetric_key_files(filename=nil, environment=nil)
-    config_filename = filename || File.join(Rails.root, "config", "symmetric-encryption.yml")
-    config = YAML.load(ERB.new(File.new(config_filename).read).result)[environment || Rails.env]
-
-    # RSA key to decrypt key files
-    private_rsa_key = config.delete('private_rsa_key')
-    raise(SymmetricEncryption::ConfigError, "The configuration file must contain a 'private_rsa_key' parameter to generate symmetric keys") unless private_rsa_key
-    rsa_key = OpenSSL::PKey::RSA.new(private_rsa_key)
-
-    # Check if config file contains 1 or multiple ciphers
-    ciphers = config.delete('ciphers')
-    cfg = ciphers.nil? ? config : ciphers.first
-
-    # Convert keys to symbols
-    cipher_cfg = {}
-    cfg.each_pair{|k,v| cipher_cfg[k.to_sym] = v}
-
-    cipher_name = cipher_cfg[:cipher_name] || cipher_cfg[:cipher]
-
-    # Generate a new Symmetric Key pair
-    iv_filename = cipher_cfg[:iv_filename]
-    key_pair = SymmetricEncryption::Cipher.random_key_pair(cipher_name || 'aes-256-cbc')
-
-    if key_filename = cipher_cfg[:key_filename]
-      # Save symmetric key after encrypting it with the private RSA key, backing up existing files if present
-      File.rename(key_filename, "#{key_filename}.#{Time.now.to_i}") if File.exist?(key_filename)
-      File.open(key_filename, 'wb') {|file| file.write( rsa_key.public_encrypt(key_pair[:key]) ) }
-      puts("Generated new Symmetric Key for encryption. Please copy #{key_filename} to the other web servers in #{environment}.")
-    elsif !cipher_cfg[:key]
-      key = rsa_key.public_encrypt(key_pair[:key])
-      puts "Generated new Symmetric Key for encryption. Set the KEY environment variable in #{environment} to:"
-      puts ::Base64.encode64(key)
-    end
+    config        = Config.read_config(filename, environment)
 
-    if iv_filename
-      File.rename(iv_filename, "#{iv_filename}.#{Time.now.to_i}") if File.exist?(iv_filename)
-      File.open(iv_filename, 'wb') {|file| file.write( rsa_key.public_encrypt(key_pair[:iv]) ) }
-      puts("Generated new Symmetric Key for encryption. Please copy #{iv_filename} to the other web servers in #{environment}.")
-    elsif !cipher_cfg[:iv]
-      iv = rsa_key.public_encrypt(key_pair[:iv])
-      puts "Generated new Symmetric Key for encryption. Set the IV environment variable in #{environment} to:"
-      puts ::Base64.encode64(iv)
-    end
+    # Only regenerating the first configured cipher
+    cipher_config = config[:ciphers].first
+    Cipher.generate_random_keys({environment: environment, private_rsa_key: config[:private_rsa_key]}.merge(cipher_config))
   end
 
   # Generate a 22 character random password
@@ -323,225 +282,11 @@ module SymmetricEncryption
   # Binary encrypted data includes this magic header so that we can quickly
   # identify binary data versus base64 encoded data that does not have this header
   unless defined? MAGIC_HEADER
-    MAGIC_HEADER = '@EnC'
-    MAGIC_HEADER_SIZE = MAGIC_HEADER.size
+    MAGIC_HEADER        = '@EnC'
+    MAGIC_HEADER_SIZE   = MAGIC_HEADER.size
     MAGIC_HEADER_UNPACK = "a#{MAGIC_HEADER_SIZE}v"
   end
 
-  protected
-
-  # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file
-  #
-  # Read the configuration from the YAML file and return in the latest format
-  #
-  #  filename:
-  #    Name of file to read.
-  #        Mandatory for non-Rails apps
-  #        Default: Rails.root/config/symmetric-encryption.yml
-  #  environment:
-  #    Which environments config to load. Usually: production, development, etc.
-  def self.read_config(filename=nil, environment=nil)
-    config_filename = filename || File.join(Rails.root, "config", "symmetric-encryption.yml")
-    config = YAML.load(ERB.new(File.new(config_filename).read).result)[environment || Rails.env]
-
-    # RSA key to decrypt key files
-    private_rsa_key = config.delete('private_rsa_key')
-
-    if ciphers = config.delete('ciphers')
-      ciphers.collect {|cipher_conf| cipher_from_config(cipher_conf, private_rsa_key)}
-    else
-      [cipher_from_config(config, private_rsa_key)]
-    end
-  end
-
-  # Returns an instance of SymmetricEncryption::Cipher created from
-  # the supplied configuration and optional rsa_encryption_key
-  #
-  # Raises an Exception on failure
-  #
-  # Parameters:
-  #   cipher_conf Hash:
-  #     :cipher_name
-  #       Encryption cipher name for the symmetric encryption key
-  #
-  #     :version
-  #       The version number of this cipher
-  #       Default: 0
-  #
-  #     :encoding [Symbol]
-  #       Encoding to use after encrypting with this cipher
-  #
-  #     :always_add_header
-  #       Whether to always include the header when encrypting data.
-  #       Highly recommended to set this value to true.
-  #       Increases the length of the encrypted data by 6 bytes, but makes
-  #       migration to a new key trivial
-  #       Default: false
-  #
-  #     :key
-  #       The actual key to use for encryption/decryption purposes
-  #
-  #     :key_filename
-  #       Name of file containing symmetric key encrypted using the public
-  #       key from the private_rsa_key
-  #
-  #     :encrypted_key
-  #       Symmetric key encrypted using the public key from the private_rsa_key
-  #       and then Base64 encoded
-  #
-  #     :iv
-  #       Optional: The actual iv to use for encryption/decryption purposes
-  #
-  #     :encrypted_iv
-  #       Initialization vector encrypted using the public key from the private_rsa_key
-  #       and then Base64 encoded
-  #
-  #     :iv_filename
-  #       Optional: Name of file containing symmetric key initialization vector
-  #       encrypted using the public key from the private_rsa_key
-  #
-  #   private_rsa_key [String]
-  #     RSA Key used to decrypt key and iv as applicable
-  def self.cipher_from_config(cipher_conf, private_rsa_key=nil)
-    config = {}
-    cipher_conf.each_pair{|k,v| config[k.to_sym] = v}
-
-    # To decrypt encrypted key or iv files
-    rsa = OpenSSL::PKey::RSA.new(private_rsa_key) if private_rsa_key
-
-    # Load Encrypted Symmetric keys
-    if key_filename = config.delete(:key_filename)
-      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :key_filename is supplied") unless rsa
-      encrypted_key = begin
-        File.open(key_filename, 'rb'){|f| f.read}
-      rescue Errno::ENOENT
-        puts "\nSymmetric Encryption key file: '#{key_filename}' not found or readable."
-        puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
-        return
-      end
-      config[:key] = rsa.private_decrypt(encrypted_key)
-    end
-
-    if iv_filename = config.delete(:iv_filename)
-      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :iv_filename is supplied") unless rsa
-      encrypted_iv = begin
-        File.open(iv_filename, 'rb'){|f| f.read} if iv_filename
-      rescue Errno::ENOENT
-        puts "\nSymmetric Encryption initialization vector file: '#{iv_filename}' not found or readable."
-        puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
-        return
-      end
-      config[:iv] = rsa.private_decrypt(encrypted_iv)
-    end
-
-    if encrypted_key = config.delete(:encrypted_key)
-      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :encrypted_key is supplied") unless rsa
-      # Decode value first using encoding specified
-      encrypted_key = ::Base64.decode64(encrypted_key)
-      if !encrypted_key || encrypted_key.empty?
-        puts "\nSymmetric Encryption encrypted_key not found."
-        puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
-        return
-      end
-      config[:key] = rsa.private_decrypt(encrypted_key)
-    end
-
-    if encrypted_iv = config.delete(:encrypted_iv)
-      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :encrypted_iv is supplied") unless rsa
-      # Decode value first using encoding specified
-      encrypted_iv = ::Base64.decode64(encrypted_iv)
-      if !encrypted_key || encrypted_key.empty?
-        puts "\nSymmetric Encryption encrypted_iv not found."
-        puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
-        return
-      end
-      config[:iv] = rsa.private_decrypt(encrypted_iv)
-    end
-
-    # Backward compatibility
-    if old_key_name_cipher = config.delete(:cipher)
-      config[:cipher_name] = old_key_name_cipher
-    end
-
-    # Decrypt Symmetric Keys
-    Cipher.new(config)
-  end
-
-  # Coerce given value into given type
-  # Does not coerce json or yaml values
-  def self.coerce(value, type, from_type=nil)
-    return if value.nil? || (value.is_a?(String) && (value !~ /[^[:space:]]/))
-
-    from_type ||= value.class
-    case type
-    when :json
-      value
-    when :yaml
-      value
-    else
-      coercer = Coercible::Coercer.new
-      coercer[from_type].send("to_#{type}".to_sym, value)
-    end
-  end
-
-  # Uses coercible gem to coerce values from strings into the target type
-  # Note: if the type is :string, then the value is returned as is, and the
-  #   coercible gem is not used at all.
-  def self.coerce_from_string(value, type)
-    return if value.nil?
-    case type
-    when :string
-      value
-    when :json
-      JSON.load(value)
-    when :yaml
-      YAML.load(value)
-    else
-      self.coerce(value, type, String)
-    end
-  end
-
-  # Uses coercible gem to coerce values to strings from the specified type
-  # Note: if the type is :string, and value is not nil, then #to_s is called
-  #   on the value and the coercible gem is not used at all.
-  def self.coerce_to_string(value, type)
-    return if value.nil?
-
-    case type
-    when :string
-      value.to_s
-    when :json
-      value.to_json
-    when :yaml
-      value.to_yaml
-    else
-      self.coerce(value, :string, coercion_type(type, value))
-    end
-  end
-
-  # Returns the correct coercion type to use for the specified symbol and value
-  def self.coercion_type(symbol, value)
-    if symbol == :boolean
-      value.class
-    else
-      COERCION_TYPE_MAP[symbol]
-    end
-  end
-
-  COERCION_TYPE_MAP = {
-    string:   String,
-    integer:  Integer,
-    float:    Float,
-    decimal:  BigDecimal,
-    datetime: DateTime,
-    time:     Time,
-    date:     Date
-  }
-
-  # With Ruby 1.9 strings have encodings
-  if defined?(Encoding)
-    BINARY_ENCODING = Encoding.find("binary")
-    UTF8_ENCODING = Encoding.find("UTF-8")
-  end
-
+  BINARY_ENCODING = Encoding.find('binary')
+  UTF8_ENCODING   = Encoding.find('UTF-8')
 end