symmetric-encryption 4.3.0 → 4.4.0

data/lib/symmetric_encryption/keystore/heroku.rb

@@ -15,7 +15,7 @@ module SymmetricEncryption
         puts "\n\n********************************************************************************"
         puts "Add the environment key to Heroku:\n\n"
         puts "  heroku config:add #{key_env_var}=#{encoder.encode(encrypted_key)}"
-        puts '********************************************************************************'
+        puts "********************************************************************************"
       end
     end
   end

data/lib/symmetric_encryption/keystore/memory.rb

@@ -12,10 +12,10 @@ module SymmetricEncryption
       # Notes:
       # * For development and testing purposes only!!
       # * Never store the encrypted encryption key in the source code / config file.
-      def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **args)
+      def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
         version >= 255 ? (version = 1) : (version += 1)
 
-        kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
 
         encrypted_key = new(key_encrypting_key: kek).write(dek.key)
@@ -35,7 +35,7 @@ module SymmetricEncryption
 
       # Stores the Encryption key in a string.
       # Secures the Encryption key by encrypting it with a key encryption key.
-      def initialize(encrypted_key: nil, key_encrypting_key:)
+      def initialize(key_encrypting_key:, encrypted_key: nil)
         @encrypted_key      = encrypted_key
         @key_encrypting_key = key_encrypting_key
       end

data/lib/symmetric_encryption/keystore.rb

@@ -2,12 +2,12 @@ module SymmetricEncryption
   # Encryption keys are secured in Keystores
   module Keystore
     # @formatter:off
-    autoload :Aws,         'symmetric_encryption/keystore/aws'
-    autoload :Environment, 'symmetric_encryption/keystore/environment'
-    autoload :Gcp,         'symmetric_encryption/keystore/gcp'
-    autoload :File,        'symmetric_encryption/keystore/file'
-    autoload :Heroku,      'symmetric_encryption/keystore/heroku'
-    autoload :Memory,      'symmetric_encryption/keystore/memory'
+    autoload :Aws,         "symmetric_encryption/keystore/aws"
+    autoload :Environment, "symmetric_encryption/keystore/environment"
+    autoload :Gcp,         "symmetric_encryption/keystore/gcp"
+    autoload :File,        "symmetric_encryption/keystore/file"
+    autoload :Heroku,      "symmetric_encryption/keystore/heroku"
+    autoload :Memory,      "symmetric_encryption/keystore/memory"
     # @formatter:on
 
     # Returns [Hash] a new keystore configuration after generating data keys for each environment.
@@ -56,7 +56,7 @@ module SymmetricEncryption
     # Notes:
     # * iv_filename is no longer supported and is removed when creating a new random cipher.
     #     * `iv` does not need to be encrypted and is included in the clear.
-    def self.rotate_keys!(full_config, environments: [], app_name:, rolling_deploy: false, keystore: nil)
+    def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -69,7 +69,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key] || config[:private_rsa_key]
 
-        cipher_name = config[:cipher_name] || 'aes-256-cbc'
+        cipher_name = config[:cipher_name] || "aes-256-cbc"
 
         keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
 
@@ -80,7 +80,7 @@ module SymmetricEncryption
           environment: environment
         }
         args[:key_path] = ::File.dirname(config[:key_filename]) if config.key?(:key_filename)
-        new_data_key    = keystore_class.generate_data_key(args)
+        new_data_key    = keystore_class.generate_data_key(**args)
 
         # Add as second key so that key can be published now and only used in a later deploy.
         if rolling_deploy
@@ -95,7 +95,7 @@ module SymmetricEncryption
     # Rotates just the key encrypting keys for the current cipher version.
     # The existing data encryption key is not changed, it is secured using the
     # new key encrypting keys.
-    def self.rotate_key_encrypting_keys!(full_config, environments: [], app_name:)
+    def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -105,7 +105,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key]
 
-        version  = config.delete(:version) || 1
+        version = config.delete(:version) || 1
         version -= 1
 
         always_add_header = config.delete(:always_add_header)
@@ -144,9 +144,9 @@ module SymmetricEncryption
         ciphers:
                  [
                    {
-                     key:         '1234567890ABCDEF',
-                     iv:          '1234567890ABCDEF',
-                     cipher_name: 'aes-128-cbc',
+                     key:         "1234567890ABCDEF",
+                     iv:          "1234567890ABCDEF",
+                     cipher_name: "aes-128-cbc",
                      version:     1
                    }
                  ]
@@ -156,7 +156,7 @@ module SymmetricEncryption
     # Returns [Key] by recursively navigating the config tree.
     #
     # Supports N level deep key encrypting keys.
-    def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc', keystore: nil, version: 0, **args)
+    def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
       if key_encrypting_key.is_a?(Hash)
         # Recurse up the chain returning the parent key_encrypting_key
         key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
@@ -185,11 +185,11 @@ module SymmetricEncryption
       elsif config[:key_env_var]
         Keystore::Environment
       else
-        raise(ArgumentError, 'Unknown keystore supplied in config')
+        raise(ArgumentError, "Unknown keystore supplied in config")
       end
     end
 
-    def self.constantize_symbol(symbol, namespace = 'SymmetricEncryption::Keystore')
+    def self.constantize_symbol(symbol, namespace = "SymmetricEncryption::Keystore")
       klass = "#{namespace}::#{camelize(symbol.to_s)}"
       begin
         Object.const_get(klass)
@@ -202,8 +202,8 @@ module SymmetricEncryption
     def self.camelize(term)
       string = term.to_s
       string = string.sub(/^[a-z\d]*/, &:capitalize)
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
-      string.gsub!('/'.freeze, '::'.freeze)
+      string.gsub!(%r{(?:_|(/))([a-z\d]*)}i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
+      string.gsub!("/".freeze, "::".freeze)
       string
     end
 
@@ -220,12 +220,12 @@ module SymmetricEncryption
 
       # Migrate old encrypted_iv
       if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
-        encrypted_iv   = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-        config[:iv]    = ::Base64.decode64(encrypted_iv)
+        encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
+        config[:iv]  = ::Base64.decode64(encrypted_iv)
       end
 
       # Migrate old iv_filename
-      if (file_name  = config.delete(:iv_filename)) && private_rsa_key
+      if (file_name = config.delete(:iv_filename)) && private_rsa_key
         encrypted_iv = ::File.read(file_name)
         config[:iv]  = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
       end
@@ -234,7 +234,7 @@ module SymmetricEncryption
       config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
 
       # Migrate old encrypted_key to new binary format
-      if (encrypted_key        = config[:encrypted_key]) && private_rsa_key
+      if (encrypted_key = config[:encrypted_key]) && private_rsa_key
         config[:encrypted_key] = ::Base64.decode64(encrypted_key)
       end
     end

data/lib/symmetric_encryption/railtie.rb

@@ -29,23 +29,24 @@ module SymmetricEncryption #:nodoc:
     config.before_configuration do
       # Check if already configured
       unless ::SymmetricEncryption.cipher?
-        app_name    = Rails::Application.subclasses.first.parent.to_s.underscore
-        env_var     = ENV['SYMMETRIC_ENCRYPTION_CONFIG']
-        config_file =
+        parent_method = Module.method_defined?(:module_parent) ? "module_parent" : "parent"
+        app_name      = Rails::Application.subclasses.first.send(parent_method).to_s.underscore
+        env_var       = ENV["SYMMETRIC_ENCRYPTION_CONFIG"]
+        config_file   =
           if env_var
             Pathname.new(File.expand_path(env_var))
           else
-            Rails.root.join('config', 'symmetric-encryption.yml')
+            Rails.root.join("config", "symmetric-encryption.yml")
           end
 
         if config_file.file?
           begin
-            ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV['SYMMETRIC_ENCRYPTION_ENV'] || Rails.env)
-          rescue ArgumentError => exc
+            ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV["SYMMETRIC_ENCRYPTION_ENV"] || Rails.env)
+          rescue ArgumentError => e
             puts "\nSymmetric Encryption not able to read keys."
-            puts "#{exc.class.name} #{exc.message}"
+            puts "#{e.class.name} #{e.message}"
             puts "To generate a new config file and key files: symmetric-encryption --generate --app-name #{app_name}\n\n"
-            raise(exc)
+            raise(e)
           end
         end
 

data/lib/symmetric_encryption/railties/mongoid_encrypted.rb

@@ -1,4 +1,4 @@
-require 'mongoid'
+require "mongoid"
 # Add :encrypted option for Mongoid models
 #
 # Example:
@@ -95,12 +95,13 @@ Mongoid::Fields.option :encrypted do |model, field, options|
 
     # Support overriding the name of the decrypted attribute
     decrypted_field_name = options.delete(:decrypt_as)
-    if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?('encrypted_')
-      decrypted_field_name = encrypted_field_name.to_s['encrypted_'.length..-1]
+    if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?("encrypted_")
+      decrypted_field_name = encrypted_field_name.to_s["encrypted_".length..-1]
     end
 
     if decrypted_field_name.nil?
-      raise(ArgumentError, "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
+      raise(ArgumentError,
+            "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
     end
 
     SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)

data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb

@@ -15,6 +15,6 @@ class SymmetricEncryptionValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     return if value.blank? || SymmetricEncryption.encrypted?(value)
 
-    record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt')
+    record.errors.add(attribute, "must be a value encrypted using SymmetricEncryption.encrypt")
   end
 end

data/lib/symmetric_encryption/reader.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 
 module SymmetricEncryption
   # Read from encrypted files and other IO streams
@@ -60,7 +60,7 @@ module SymmetricEncryption
     #   csv.close if csv
     # end
     def self.open(file_name_or_stream, buffer_size: 16_384, **args, &block)
-      ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, 'rb') : file_name_or_stream
+      ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, "rb") : file_name_or_stream
 
       begin
         file = new(ios, buffer_size: buffer_size, **args)
@@ -104,7 +104,7 @@ module SymmetricEncryption
 
     # Returns [true|false] whether the file contains the encryption header
     def self.header_present?(file_name)
-      ::File.open(file_name, 'rb') { |file| new(file).header_present? }
+      ::File.open(file_name, "rb") { |file| new(file).header_present? }
     end
 
     # After opening a file Returns [true|false] whether the file being
@@ -120,9 +120,9 @@ module SymmetricEncryption
       @version        = version
       @header_present = false
       @closed         = false
-      @read_buffer    = ''.b
+      @read_buffer    = "".b
 
-      raise(ArgumentError, 'Buffer size cannot be smaller than 128') unless @buffer_size >= 128
+      raise(ArgumentError, "Buffer size cannot be smaller than 128") unless @buffer_size >= 128
 
       read_header
     end
@@ -185,10 +185,10 @@ module SymmetricEncryption
     # At end of file, it returns nil if no more data is available, or the last
     # remaining bytes
     def read(length = nil, outbuf = nil)
-      data             = outbuf.to_s.clear
+      data             = outbuf.nil? ? "" : outbuf.clear
       remaining_length = length
 
-      until remaining_length == 0 || eof?
+      until remaining_length&.zero? || eof?
         read_block(remaining_length) if @read_buffer.empty?
 
         if remaining_length && remaining_length < @read_buffer.length
@@ -209,7 +209,7 @@ module SymmetricEncryption
     # Raises EOFError on eof
     # The stream must be opened for reading or an IOError will be raised.
     def readline(sep_string = "\n")
-      gets(sep_string) || raise(EOFError, 'End of file reached when trying to read a line')
+      gets(sep_string) || raise(EOFError, "End of file reached when trying to read a line")
     end
 
     # Reads a single decrypted line from the file up to and including the optional sep_string.
@@ -226,8 +226,8 @@ module SymmetricEncryption
         read_block
       end
       index ||= -1
-      data    = @read_buffer.slice!(0..index)
-      @pos   += data.length
+      data = @read_buffer.slice!(0..index)
+      @pos += data.length
       return nil if data.empty? && eof?
 
       data
@@ -310,7 +310,7 @@ module SymmetricEncryption
       @pos = 0
 
       # Read first block and check for the header
-      buf = @ios.read(@buffer_size, @output_buffer ||= ''.b)
+      buf = @ios.read(@buffer_size, @output_buffer ||= "".b)
 
       # Use cipher specified in header, or global cipher if it has no header
       iv, key, cipher_name, cipher = nil
@@ -340,7 +340,7 @@ module SymmetricEncryption
 
     # Read a block of data and append the decrypted data in the read buffer
     def read_block(length = nil)
-      buf = @ios.read(length || @buffer_size, @output_buffer ||= ''.b)
+      buf = @ios.read(length || @buffer_size, @output_buffer ||= "".b)
       decrypt(buf)
     end
 
@@ -356,7 +356,7 @@ module SymmetricEncryption
       def decrypt(buf)
         return if buf.nil? || buf.empty?
 
-        @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= ''.b)
+        @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= "".b)
         @read_buffer << @stream_cipher.final if @ios.eof?
       end
     end

data/lib/symmetric_encryption/rsa_key.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 module SymmetricEncryption
   # DEPRECATED - Internal use only
   class RSAKey

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -1,8 +1,8 @@
-require 'base64'
-require 'openssl'
-require 'zlib'
-require 'yaml'
-require 'erb'
+require "base64"
+require "openssl"
+require "zlib"
+require "yaml"
+require "erb"
 
 # Encrypt using 256 Bit AES CBC symmetric key and initialization vector
 # The symmetric key is protected using the private key below and must
@@ -32,7 +32,9 @@ module SymmetricEncryption
   #     cipher: 'aes-128-cbc'
   #   )
   def self.cipher=(cipher)
-    raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
+    unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
+      raise(ArgumentError, "Cipher must respond to :encrypt and :decrypt")
+    end
 
     @cipher = cipher
   end
@@ -45,7 +47,7 @@ module SymmetricEncryption
     unless cipher?
       raise(
         SymmetricEncryption::ConfigError,
-        'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data'
+        "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data"
       )
     end
 
@@ -61,10 +63,12 @@ module SymmetricEncryption
 
   # Set the Secondary Symmetric Ciphers Array to be used
   def self.secondary_ciphers=(secondary_ciphers)
-    raise(ArgumentError, 'secondary_ciphers must be a collection') unless secondary_ciphers.respond_to? :each
+    raise(ArgumentError, "secondary_ciphers must be a collection") unless secondary_ciphers.respond_to? :each
 
     secondary_ciphers.each do |cipher|
-      raise(ArgumentError, 'secondary_ciphers can only consist of SymmetricEncryption::Ciphers') unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+      unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+        raise(ArgumentError, "secondary_ciphers can only consist of SymmetricEncryption::Ciphers")
+      end
     end
     @secondary_ciphers = secondary_ciphers
   end
@@ -121,7 +125,7 @@ module SymmetricEncryption
   #       the incorrect key. Clearly the data returned is garbage, but it still
   #       successfully returns a string of data
   def self.decrypt(encrypted_and_encoded_string, version: nil, type: :string)
-    return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
+    return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
 
     str = encrypted_and_encoded_string.to_s
 
@@ -150,14 +154,16 @@ module SymmetricEncryption
       end
 
     # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
-    decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+    unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+      decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+    end
     Coerce.coerce_from_string(decrypted, type)
   end
 
   # Returns the header for the encrypted string
   # Returns [nil] if no header is present
   def self.header(encrypted_and_encoded_string)
-    return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
+    return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
 
     # Decode before decrypting supplied string
     decoded = cipher.encoder.decode(encrypted_and_encoded_string.to_s)
@@ -212,7 +218,7 @@ module SymmetricEncryption
   #       the coercible gem is available in the path.
   #     Default: :string
   def self.encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, type: :string, header: cipher.always_add_header)
-    return str if str.nil? || (str == '')
+    return str if str.nil? || (str == "")
 
     # Encrypt and then encode the supplied string
     cipher.encrypt(Coerce.coerce_to_string(str, type), random_iv: random_iv, compress: compress, header: header)
@@ -241,7 +247,7 @@ module SymmetricEncryption
   # * This method only works reliably when the encrypted data includes the symmetric encryption header.
   # * nil and '' are considered "encrypted" so that validations do not blow up on empty values.
   def self.encrypted?(encrypted_data)
-    return false if encrypted_data.nil? || (encrypted_data == '')
+    return false if encrypted_data.nil? || (encrypted_data == "")
 
     @header ||= SymmetricEncryption.cipher.encoded_magic_header
     encrypted_data.to_s.start_with?(@header)
@@ -290,16 +296,16 @@ module SymmetricEncryption
 
   # Generate a Random password
   def self.random_password(size = 22)
-    require 'securerandom' unless defined?(SecureRandom)
+    require "securerandom" unless defined?(SecureRandom)
     SecureRandom.urlsafe_base64(size)
   end
 
-  BINARY_ENCODING = Encoding.find('binary')
-  UTF8_ENCODING   = Encoding.find('UTF-8')
+  BINARY_ENCODING = Encoding.find("binary")
+  UTF8_ENCODING   = Encoding.find("UTF-8")
 
   # Defaults
   @cipher            = nil
   @secondary_ciphers = []
   @select_cipher     = nil
-  @random_iv         = false
+  @randomize_iv      = false
 end

data/lib/symmetric_encryption/utils/aws.rb

@@ -1,5 +1,5 @@
-require 'base64'
-require 'aws-sdk-kms'
+require "base64"
+require "aws-sdk-kms"
 module SymmetricEncryption
   module Utils
     # Wrap the AWS KMS client so that it automatically creates the Customer Master Key,
@@ -13,8 +13,8 @@ module SymmetricEncryption
 
       # TODO: Map to OpenSSL ciphers
       AWS_KEY_SPEC_MAP = {
-        'aes-256-cbc' => 'AES_256',
-        'aes-128-cbc' => 'AES_128'
+        "aes-256-cbc" => "AES_256",
+        "aes-128-cbc" => "AES_128"
       }.freeze
 
       # TODO: Move to Keystore::Aws
@@ -98,12 +98,10 @@ module SymmetricEncryption
 
       private
 
-      attr_reader :client
-
       def whoami
         @whoami ||= `whoami`.strip
       rescue StandardError
-        @whoami = 'unknown'
+        @whoami = "unknown"
       end
 
       # Creates a new Customer Master Key for Symmetric Encryption use.
@@ -111,10 +109,10 @@ module SymmetricEncryption
         # TODO: Add error handling and retry
 
         resp = client.create_key(
-          description: 'Symmetric Encryption for Ruby Customer Masker Key',
+          description: "Symmetric Encryption for Ruby Customer Masker Key",
           tags:        [
-            {tag_key: 'CreatedAt', tag_value: Time.now.to_s},
-            {tag_key: 'CreatedBy', tag_value: whoami}
+            {tag_key: "CreatedAt", tag_value: Time.now.to_s},
+            {tag_key: "CreatedBy", tag_value: whoami}
           ]
         )
         resp.key_metadata.key_id

data/lib/symmetric_encryption/utils/files.rb

@@ -6,7 +6,7 @@ module SymmetricEncryption
       attr_reader :file_name
 
       def read_file_and_decode(file_name)
-        raise(SymmetricEncryption::ConfigError, 'file_name is mandatory for each key_file entry') unless file_name
+        raise(SymmetricEncryption::ConfigError, "file_name is mandatory for each key_file entry") unless file_name
 
         raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
 
@@ -31,12 +31,12 @@ module SymmetricEncryption
         key_path = ::File.dirname(file_name)
         ::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
         ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
-        ::File.open(file_name, 'wb', 0600) { |file| file.write(data) }
+        ::File.open(file_name, "wb", 0o600) { |file| file.write(data) }
       end
 
       # Read from the file, raising an exception if it is not found
       def read_from_file(file_name)
-        ::File.open(file_name, 'rb', &:read)
+        ::File.open(file_name, "rb", &:read)
       rescue Errno::ENOENT
         raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
       end

data/lib/symmetric_encryption/utils/re_encrypt_files.rb

@@ -55,26 +55,26 @@ module SymmetricEncryption
         lines              = File.read(file_name)
         hits, output_lines = re_encrypt_lines(lines)
 
-        File.open(file_name, 'wb') { |file| file.write(output_lines) } if hits.positive?
+        File.open(file_name, "wb") { |file| file.write(output_lines) } if hits.positive?
         hits
       end
 
       # Replaces instances of encrypted data within lines of text with re-encrypted values
       def re_encrypt_lines(lines)
         hits         = 0
-        output_lines = ''
+        output_lines = ""
         r            = regexp
         lines.each_line do |line|
           line.force_encoding(SymmetricEncryption::UTF8_ENCODING)
           output_lines <<
             if line.valid_encoding? && (result = line.match(r))
-              encrypted                        = result[0]
-              new_value                        = re_encrypt(encrypted)
-              if new_value != encrypted
+              encrypted = result[0]
+              new_value = re_encrypt(encrypted)
+              if new_value == encrypted
+                line
+              else
                 hits += 1
                 line.gsub(encrypted, new_value)
-              else
-                line
               end
             else
               line
@@ -117,8 +117,8 @@ module SymmetricEncryption
             begin
               count = re_encrypt_contents(file_name)
               puts "Re-encrypted #{count} encrypted value(s) in: #{file_name}" if count.positive?
-            rescue StandardError => exc
-              puts "Failed re-encrypting the file contents of: #{file_name}. #{exc.class.name}: #{exc.message}"
+            rescue StandardError => e
+              puts "Failed re-encrypting the file contents of: #{file_name}. #{e.class.name}: #{e.message}"
             end
           end
         end
@@ -127,13 +127,13 @@ module SymmetricEncryption
       private
 
       def regexp
-        @regexp ||= /#{SymmetricEncryption.cipher.encoded_magic_header}([A-Za-z0-9+\/]+[=\\n]*)/
+        @regexp ||= %r{#{SymmetricEncryption.cipher.encoded_magic_header}([A-Za-z0-9+/]+[=\\n]*)}
       end
 
       # Returns [Integer] encrypted file key version.
       # Returns [nil] if the file is not encrypted or does not have a header.
       def encrypted_file_version(file_name)
-        ::File.open(file_name, 'rb') do |file|
+        ::File.open(file_name, "rb") do |file|
           reader = SymmetricEncryption::Reader.new(file)
           reader.version if reader.header_present?
         end

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption
-  VERSION = '4.3.0'.freeze
+  VERSION = "4.4.0".freeze
 end

data/lib/symmetric_encryption/writer.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 
 module SymmetricEncryption
   # Write to encrypted files and other IO streams.
@@ -49,10 +49,10 @@ module SymmetricEncryption
     #  end
     def self.open(file_name_or_stream, compress: nil, **args)
       if file_name_or_stream.is_a?(String)
-        file_name_or_stream = ::File.open(file_name_or_stream, 'wb')
+        file_name_or_stream = ::File.open(file_name_or_stream, "wb")
         compress            = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
-      else
-        compress = true if compress.nil?
+      elsif compress.nil?
+        compress = true
       end
 
       begin
@@ -97,15 +97,22 @@ module SymmetricEncryption
     def initialize(ios, version: nil, cipher_name: nil, header: true, random_key: true, random_iv: true, compress: false)
       # Compress is only used at this point for setting the flag in the header
       @ios = ios
-      raise(ArgumentError, 'When :random_key is true, :random_iv must also be true') if random_key && !random_iv
-      raise(ArgumentError, 'Cannot supply a :cipher_name unless both :random_key and :random_iv are true') if cipher_name && !random_key && !random_iv
+      raise(ArgumentError, "When :random_key is true, :random_iv must also be true") if random_key && !random_iv
+      if cipher_name && !random_key && !random_iv
+        raise(ArgumentError, "Cannot supply a :cipher_name unless both :random_key and :random_iv are true")
+      end
 
       # Cipher to encrypt the random_key, or the entire file
       cipher = SymmetricEncryption.cipher(version)
-      raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers") unless cipher
+      unless cipher
+        raise(SymmetricEncryption::CipherError,
+              "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
+      end
 
       # Force header if compressed or using random iv, key
-      header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name) if (header == true) || compress || random_key || random_iv
+      if (header == true) || compress || random_key || random_iv
+        header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name)
+      end
 
       @stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
       @stream_cipher.encrypt
@@ -158,8 +165,8 @@ module SymmetricEncryption
       def write(data)
         return unless data
 
-        bytes   = data.to_s
-        @size  += bytes.size
+        bytes = data.to_s
+        @size += bytes.size
         partial = @stream_cipher.update(bytes)
         @ios.write(partial) unless partial.empty?
         data.length
@@ -168,9 +175,9 @@ module SymmetricEncryption
       def write(data)
         return unless data
 
-        bytes   = data.to_s
-        @size  += bytes.size
-        partial = @stream_cipher.update(bytes, @cipher_buffer ||= ''.b)
+        bytes = data.to_s
+        @size += bytes.size
+        partial = @stream_cipher.update(bytes, @cipher_buffer ||= "".b)
         @ios.write(partial) unless partial.empty?
         data.length
       end