symmetric-encryption 0.7.2 → 0.8.0

data/README.md

@@ -138,97 +138,34 @@ specified environment
 Note: Passwords must be encrypted in the environment in which they will be used.
   Since each environment should have its own symmetric encryption keys
 
-## Install
+## Installation
 
-  gem install symmetric-encryption
-
-## Configuration
-
-### Generating the RSA Private key
+### Add to an existing Rails project
+Add the following line to Gemfile
 
-To protect the files holding the Symmetric Encryption keys, symmetric-encryption uses 2048 bit RSA
-encryption.
+  gem 'symmetric-encryption'
 
-Generate the RSA Private key as follows
+Install the Gem with bundler
 
-    openssl genrsa 2048
+  bundle install
 
-Paste the output into the configuration created below
+## Rails Configuration
 
 ### Creating the configuration file
 
-Create a configuration file in config/symmetric-encryption.yml per the following example:
+The configuration file contains the path to the production encryption key files.
+Generally in development and test the files are not created, so supply the full path
+to these files in production. Once the config file has been generated it can be
+modified as needed.
 
-    #
-    # Symmetric Encryption for Ruby
-    #
-    ---
-    # For the development and test environments the test symmetric encryption keys
-    # can be placed directly in the source code.
-    # And therefore no RSA private key is required
-    development: &development_defaults
-      key: 1234567890ABCDEF1234567890ABCDEF
-      iv: 1234567890ABCDEF
-      cipher: aes-128-cbc
+Generate the configuration file:
 
-    test:
-      <<: *development_defaults
+  rails generate symmetric_encryption:config /etc/rails/keys
 
-    production:
-      # Since the key to encrypt and decrypt with must NOT be stored along with the
-      # source code, we only hold a RSA key that is used to unlock the file
-      # containing the actual symmetric encryption key
-      #
-      # Sample RSA Key, DO NOT use this RSA key, generate a new one using
-      #    openssl genrsa 2048
-      private_rsa_key: |
-        -----BEGIN RSA PRIVATE KEY-----
-        MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
-        6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
-        qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
-        IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
-        fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
-        WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
-        ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
-        k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
-        0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
-        Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
-        ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
-        nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
-        nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
-        M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
-        SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
-        suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
-        hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
-        MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
-        ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
-        ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
-        /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
-        VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
-        h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
-        PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
-        r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
-        -----END RSA PRIVATE KEY-----
+Note: Ignore the warning about "Symmetric Encryption config not found" since it is
+being generated
 
-      # List Symmetric Key files in the order of current / latest first
-      ciphers:
-        -
-          # Filename containing Symmetric Encryption Key encrypted using the
-          # RSA public key derived from the private key above
-          key_filename: /etc/rails/.rails.key
-          iv_filename: /etc/rails/.rails.iv
-
-          # Encryption cipher
-          #   Recommended values:
-          #      aes-256-cbc
-          #         256 AES CBC Algorithm. Very strong
-          #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-          #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-          #      aes-128-cbc
-          #         128 AES CBC Algorithm. Less strong.
-          #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-          #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-          cipher: aes-256-cbc
+#### Save to version control
 
 This configuration file should be checked into the source code control system.
 It does Not include the Symmetric Encryption keys. They will be generated in the
@@ -236,22 +173,44 @@ next step.
 
 ### Generating and securing the Symmetric Encryption keys
 
+Once development and testing is complete we need to generate secure encryption
+key files for production. It is recommended that the step below be run on only
+one of the production servers. The generated key files must then be copied to
+all the production web servers.
+
+Note: Do not run this step more than once, otherwise new keys will be generated
+and any encrypted data will no longer be accessible.
+
+Note: Do not run this step on more than one server in each environment otherwise
+each server will be encrypting with it's own key and the servers will not be able
+to decrypt data encrypted on another server. Just copy the generated files to each
+server
+
 The symmetric encryption key consists of the key itself and an optional
 initialization vector.
 
-To generate the keys run the following Rake task in each environment:
+To generate the keys run the following Rake task once only in each environment:
 
-    RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys
+    rails generate symmetric_encryption:new_keys production
 
 Replace 'production' as necessary for each environment.
 
 Make sure that the current user has read and write access to the folder listed
-in the configuration option symmetric_key_filename above.
+in the config file option key_filename.
+
+Note: Ignore the warning about the key files "not found or readable" since they
+are being generated
 
 Once the Symmetric Encryption keys have been generated, secure them further by
-making the files read-only to the Rails user and not readable by any other user
+making the files read-only to the Rails user and not readable by any other user.
+Change ownership of the keys to the rails user and only give it access to read the key files:
+
+    chown rails /etc/rails/keys/*
+    chmod 0400 /etc/rails/keys/*
 
-    chmod ...
+Change 'rails' above to the userid under which your Rails processes are run
+and update the path to the one supplied when generating the config file or
+look in the config file itself
 
 When running multiple Rails servers in a particular environment copy the same
 key files to every server in that environment. I.e. All Rails servers in each
@@ -261,8 +220,16 @@ Note: The generate step above must only be run once in each environment
 
 ## Using in non-Rails environments
 
-symmetric-encryption can also be used in non-Rails environment. At application
-startup, run the code below to initialize symmetric-encryption prior to
+SymmetricEncryption can also be used in non-Rails environment.
+
+Install SymmetricEncryption
+
+  gem install symmetric-encryption
+
+Manually create a symmetric-encryption.yml configuration file based on the
+one supplied in examples/symmetric-encryption.yml.
+
+At application startup, run the code below to initialize symmetric-encryption prior to
 attempting to encrypt or decrypt any data
 
     require 'symmetric-encryption'
@@ -309,8 +276,8 @@ Create a configuration file in config/symmetric-encryption.yml per the following
     # can be placed directly in the source code.
     # And therefore no RSA private key is required
     development: &development_defaults
-      key: 1234567890ABCDEF1234567890ABCDEF
-      iv: 1234567890ABCDEF
+      key:    1234567890ABCDEF1234567890ABCDEF
+      iv:     1234567890ABCDEF
       cipher: aes-128-cbc
 
     test:
@@ -358,7 +325,7 @@ Create a configuration file in config/symmetric-encryption.yml per the following
           # Filename containing Symmetric Encryption Key encrypted using the
           # RSA public key derived from the private key above
           key_filename: /etc/rails/.rails.key
-          iv_filename: /etc/rails/.rails.iv
+          iv_filename:  /etc/rails/.rails.iv
 
           # Encryption cipher
           #   Recommended values:
@@ -380,10 +347,17 @@ Create a configuration file in config/symmetric-encryption.yml per the following
           # Only used when old data still exists that requires old decryption keys
           # to be used
           key_filename: /etc/rails/.rails_old.key
-          iv_filename: /etc/rails/.rails_old.iv
-          cipher:   aes-256-cbc
+          iv_filename:  /etc/rails/.rails_old.iv
+          cipher:       aes-256-cbc
 
-## Possible Future Enhancements
+## Future Enhancements
+
+* Ability to randomly generate a new initialization vector (iv) with every
+  encryption and put the iv in the encrypted data as its header
+
+* With file encryption randomly generate a new key and initialization vector (iv) with every
+  file encryption and put the key and iv in the encrypted data as its header which
+  is encrypted using the global key and iv
 
 Submit an issue ticket to request any of the following features:
 
@@ -395,16 +369,6 @@ Submit an issue ticket to request any of the following features:
   data exceeds some predefined size. And automatically decompressing the data
   during decryption
 
-* Make attr_encrypted auto-detect the encrypted column type and Base64 encode
-  when type is CHAR and store as binary when type is BINARY or BLOB
-
-* Create rake task / generator to generate a sample configuration file
-  with a new RSA Private key already in it
-
-* Ability to change SymmetricEncryption configuration options from custom
-  Rails initializers, rather than having everything in the config file.
-  For example config.symmetric_encryption.cipher = 'aes-128-cbc'
-
 Meta
 ----
 

data/examples/symmetric-encryption.yml

@@ -68,6 +68,21 @@ production:
       #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
       cipher: aes-256-cbc
 
+      # Set the way the encrypted data is encoded:
+      # base64
+      #   Encrypted data is returned in base64 encoding format
+      #   Symmetric::Encryption.decrypt will also base64 decode any data prior
+      #   to decrypting it
+      # base64strict
+      #   As base64 except that does not contain any newlines
+      #   This is the recommended setting
+      # none
+      #   Encrypted data is returned as raw binary
+      #   Although smaller than base64 it cannot be stored in MySQL text columns
+      #   It can only be held in binary columns such as BINARY or BLOB
+      # Default: base64
+      encoding: base64strict
+
       # FUTURE ENHANCEMENT:
       #
       # By adding a version indicator all encrypted data will include
@@ -86,23 +101,6 @@ production:
       # Default: 0
       #version: 0
 
-      # FUTURE ENHANCEMENT:
-      #
-      # Set the way the encrypted data is encoded:
-      # base64
-      #   Encrypted data is returned in base64 encoding format
-      #   Symmetric::Encryption.decrypt will also base64 decode any data prior
-      #   to decrypting it
-      # base64withoutsuffix
-      #   As base64 except that the trailing newline is removed after base64
-      #   encoding
-      # binary
-      #   Encrypted data is returned as raw binary
-      #   Although smaller than base64 it cannot be stored in MySQL text columns
-      #   It can only be held in binary columns such as BINARY or BLOB
-      # Default: base64withoutsuffix
-      #encoding: base64withoutsuffix
-
       # OPTIONAL:
       #
       # Any previous Symmetric Encryption Keys
@@ -112,3 +110,4 @@ production:
     - key_filename: /etc/rails/.rails_old.key
       iv_filename:  /etc/rails/.rails_old.iv
       cipher:       aes-256-cbc
+      encoding:     base64strict

data/lib/rails/generators/symmetric_encryption/config/config_generator.rb

@@ -0,0 +1,22 @@
+module SymmetricEncryption
+  module Generators
+    class ConfigGenerator < Rails::Generators::Base
+      desc "Creates a SymmetricEncryption configuration file at config/symmetric-encryption.yml"
+
+      argument :key_path, :type => :string, :optional => false
+
+      def self.source_root
+        @_symmetric_encryption_source_root ||= File.expand_path("../templates", __FILE__)
+      end
+
+      def app_name
+        Rails::Application.subclasses.first.parent.to_s.underscore
+      end
+
+      def create_config_file
+        template 'symmetric-encryption.yml', File.join('config', "symmetric-encryption.yml")
+      end
+
+    end
+  end
+end

data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml

@@ -0,0 +1,50 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+# For the development and test environments the test symmetric encryption keys
+# can be placed directly in the source code.
+# And therefore no RSA private key is required
+development: &development_defaults
+  key: 1234567890ABCDEF1234567890ABCDEF
+  iv: 1234567890ABCDEF
+  cipher: aes-128-cbc
+
+test:
+  <<: *development_defaults
+
+release:
+  # Since the key to encrypt and decrypt with must NOT be stored along with the
+  # source code, we only hold a RSA key that is used to unlock the file
+  # containing the actual symmetric encryption key
+  private_rsa_key: |
+<%= OpenSSL::PKey::RSA.generate(2048).to_s.collect { |line| "    #{line}" }.join('') %>
+
+  # List Symmetric Key files in the order of current / latest first
+  ciphers:
+    -
+      # Filename containing Symmetric Encryption Key encrypted using the
+      # RSA public key derived from the private key above
+      key_filename: <%= File.join(key_path, "#{app_name}_release.key") %>
+      iv_filename:  <%= File.join(key_path, "#{app_name}_release.iv") %>
+      cipher:       aes-256-cbc
+      # Base64 encode encrypted data without newlines
+      encoding:     base64strict
+
+production:
+  # Since the key to encrypt and decrypt with must NOT be stored along with the
+  # source code, we only hold a RSA key that is used to unlock the file
+  # containing the actual symmetric encryption key
+  private_rsa_key: |
+<%= OpenSSL::PKey::RSA.generate(2048).to_s.collect { |line| "    #{line}" }.join('') %>
+
+  # List Symmetric Key files in the order of current / latest first
+  ciphers:
+    -
+      # Filename containing Symmetric Encryption Key encrypted using the
+      # RSA public key derived from the private key above
+      key_filename: <%= File.join(key_path, "#{app_name}_production.key") %>
+      iv_filename:  <%= File.join(key_path, "#{app_name}_production.iv") %>
+      cipher:       aes-256-cbc
+      # Base64 encode encrypted data without newlines
+      encoding:     base64strict

data/lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb

@@ -0,0 +1,14 @@
+module SymmetricEncryption
+  module Generators
+    class NewKeysGenerator < Rails::Generators::Base
+      desc "Generate new Symmetric key and initialization vector based on values in config/symmetric-encryption.yml"
+      
+      argument :environment, :type => :string, :optional => false
+
+      def create_config_file
+        SymmetricEncryption.generate_symmetric_key_files(File.join('config', "symmetric-encryption.yml"), environment)
+      end
+
+    end
+  end
+end

data/lib/symmetric_encryption/cipher.rb

@@ -7,10 +7,11 @@ module SymmetricEncryption
   # threads at the same time without needing an instance of Cipher per thread
   class Cipher
     # Cipher to use for encryption and decryption
-    attr_reader :cipher, :version
+    attr_reader :cipher, :version, :version
+    attr_accessor :encoding
 
-    # Future Use:
-    # attr_accessor :encoding, :version
+    # Available encodings
+    ENCODINGS = [:none, :base64, :base64strict]
 
     # Generate a new Symmetric Key pair
     #
@@ -43,6 +44,9 @@ module SymmetricEncryption
       @iv = parms[:iv]
       @cipher = parms[:cipher] || 'aes-256-cbc'
       @version = parms[:version]
+      @encoding = (parms[:encoding] || :base64).to_sym
+
+      raise("Invalid Encoding: #{@encoding}") unless ENCODINGS.include?(@encoding)
     end
 
     # AES Symmetric Encryption of supplied string

data/lib/symmetric_encryption/railtie.rb

@@ -7,10 +7,14 @@ module SymmetricEncryption #:nodoc:
     # @example Set up configuration in the Rails app.
     #   module MyApplication
     #     class Application < Rails::Application
-    #       config.symmetric_encryption.cipher = 'aes-256-cbc'
+    #       config.symmetric_encryption.cipher = SymmetricEncryption::Cipher.new(
+    #         :key    => '1234567890ABCDEF1234567890ABCDEF',
+    #         :iv     => '1234567890ABCDEF',
+    #         :cipher => 'aes-128-cbc'
+    #       )
     #     end
     #   end
-    #config.symmetric_encryption = ::SymmetricEncryption::Config
+    config.symmetric_encryption = ::SymmetricEncryption
 
     rake_tasks do
       load "symmetric_encryption/railties/symmetric_encryption.rake"
@@ -33,8 +37,8 @@ module SymmetricEncryption #:nodoc:
       if config_file.file?
         ::SymmetricEncryption.load!(config_file, Rails.env)
       else
-        puts "\nSymmetric Encryption config not found. Create a config file at: config/symmetric-encryption.yml"
-        #           puts "to generate one run: rails generate symmetric-encryption:config\n\n"
+        puts "\nSymmetric Encryption config not found."
+        puts "To generate one for the first time: rails generate symmetric_encryption:config\n\n"
       end
     end
 

data/lib/symmetric_encryption/railties/symmetric_encryption.rake

@@ -23,11 +23,6 @@ namespace :symmetric_encryption do
     puts "\nEncrypted: #{SymmetricEncryption.encrypt(password1)}\n\n"
   end
 
-  desc 'Generate new Symmetric key and initialization vector. Example: RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys'
-  task :generate_symmetric_keys do
-    SymmetricEncryption.generate_symmetric_key_files
-  end
-
   desc 'Generate a random password and display its encrypted form. Example: rake symmetric_encryption:random_password'
   task :random_password => :environment do
     p = SymmetricEncryption.random_password

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -65,13 +65,19 @@ module SymmetricEncryption
   #
   def self.decrypt(str)
     raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
-    binary = ::Base64.decode64(str) if str
+
+    # Decode data first based on encoding setting
+    case @@cipher.encoding
+    when :base64, :base64strict
+      str = ::Base64.decode64(str) if str
+    end
+
     begin
-      @@cipher.decrypt(binary)
+      @@cipher.decrypt(str)
     rescue OpenSSL::Cipher::CipherError => exc
       @@secondary_ciphers.each do |cipher|
         begin
-          return cipher.decrypt(binary)
+          return cipher.decrypt(str)
         rescue OpenSSL::Cipher::CipherError
         end
       end
@@ -87,11 +93,18 @@ module SymmetricEncryption
     raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
 
     # Encrypt data as a binary string
-    result = @@cipher.encrypt(str)
-
-    # Base 64 Encoding of binary data
-    result = ::Base64.encode64(result) if result
-    result
+    if result = @@cipher.encrypt(str)
+      # Now encode data based on encoding setting
+      case @@cipher.encoding
+      when :base64
+        # Base 64 Encoding of binary data
+        ::Base64.encode64(result)
+      when :base64strict
+        ::Base64.encode64(result).gsub(/\n/, '')
+      else
+        result
+      end
+    end
   end
 
   # Invokes decrypt
@@ -117,11 +130,9 @@ module SymmetricEncryption
   def self.encrypted?(encrypted_data)
     raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
 
-    # First make sure Base64 encoded data still ends with "\n" since it could be used in a key field somewhere
-    return false unless encrypted_data.end_with?("\n")
-
     # For now have to decrypt it fully
-    !try_decrypt(encrypted_data).nil?
+    result = try_decrypt(encrypted_data)
+    !(result.nil? || result == '')
   end
 
   # Load the Encryption Configuration from a YAML file
@@ -142,11 +153,7 @@ module SymmetricEncryption
     else
       private_rsa_key = config[:private_rsa_key]
       @@cipher, *@@secondary_ciphers = config[:ciphers].collect do |cipher_conf|
-        cipher_from_encrypted_files(
-          private_rsa_key,
-          cipher_conf[:cipher],
-          cipher_conf[:key_filename],
-          cipher_conf[:iv_filename])
+        cipher_from_encrypted_files(private_rsa_key, cipher_conf)
       end
     end
 
@@ -164,7 +171,7 @@ module SymmetricEncryption
   #   and initilization vector .iv
   #       which is encrypted with the above Public key
   #
-  # Warning: Existing files will be overwritten
+  # Existing key files will be renamed if present
   def self.generate_symmetric_key_files(filename=nil, environment=nil)
     config = read_config(filename, environment)
     cipher_cfg = config[:ciphers].first
@@ -239,6 +246,7 @@ module SymmetricEncryption
           :cipher       => cipher_cfg['cipher'] || default_cipher,
           :key_filename => key_filename,
           :iv_filename  => iv_filename,
+          :encoding     => cipher_cfg['encoding']
         }
       end
 
@@ -271,18 +279,34 @@ module SymmetricEncryption
   #   iv_filename
   #     Optional. Name of file containing symmetric key initialization vector
   #     encrypted using the public key matching the supplied private_key
-  def self.cipher_from_encrypted_files(private_rsa_key, cipher, key_filename, iv_filename = nil)
+  def self.cipher_from_encrypted_files(private_rsa_key, cipher_conf)
     # Load Encrypted Symmetric keys
-    encrypted_key = File.read(key_filename)
-    encrypted_iv = File.read(iv_filename) if iv_filename
+    key_filename =  cipher_conf[:key_filename]
+    encrypted_key = begin
+      File.read(key_filename)
+    rescue Errno::ENOENT
+      puts "\nSymmetric Encryption key file: '#{key_filename}' not found or readable."
+      puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
+      return
+    end
+
+    iv_filename =  cipher_conf[:iv_filename]
+    encrypted_iv = begin
+      File.read(iv_filename) if iv_filename
+    rescue Errno::ENOENT
+      puts "\nSymmetric Encryption initialization vector file: '#{iv_filename}' not found or readable."
+      puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
+      return
+    end
 
     # Decrypt Symmetric Keys
     rsa = OpenSSL::PKey::RSA.new(private_rsa_key)
     iv = rsa.private_decrypt(encrypted_iv) if iv_filename
     Cipher.new(
-      :key    => rsa.private_decrypt(encrypted_key),
-      :iv     => iv,
-      :cipher => cipher
+      :key      => rsa.private_decrypt(encrypted_key),
+      :iv       => iv,
+      :cipher   => cipher_conf[:cipher],
+      :encoding => cipher_conf[:encoding]
     )
   end
 

data/lib/symmetric_encryption/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module SymmetricEncryption #:nodoc
-  VERSION = "0.7.2"
+  VERSION = "0.8.0"
 end

data/test/attr_encrypted_test.rb

@@ -51,10 +51,10 @@ class AttrEncryptedTest < Test::Unit::TestCase
 
     setup do
       @bank_account_number = "1234567890"
-      @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA==\n"
+      @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA=="
 
       @social_security_number = "987654321"
-      @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
+      @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
 
       @user = User.new(
         # Encrypted Attribute

data/test/config/symmetric-encryption.yml

@@ -39,9 +39,13 @@ test:
     - key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.key
       iv_filename:  /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.iv
       cipher:       aes-128-cbc
+      # Base64 encode encrypted data without newlines
+      encoding:     base64strict
 
     # Previous Symmetric Encryption Key
     - key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.key
       iv_filename:  /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.iv
       cipher:       aes-128-cbc
+      # Base64 encode encrypted data without newlines
+      encoding:     base64
 

data/test/field_encrypted_test.rb

@@ -39,19 +39,19 @@ class FieldEncryptedTest < Test::Unit::TestCase
   context 'the SymmetricEncryption Library' do
     setup do
       @bank_account_number = "1234567890"
-      @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA==\n"
+      @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA=="
 
       @social_security_number = "987654321"
-      @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
+      @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
 
       @integer = 32768
-      @integer_encrypted = "FA3smFQEKqB/ITv+A0xACg==\n"
+      @integer_encrypted = "FA3smFQEKqB/ITv+A0xACg=="
 
       @float = 0.9867
-      @float_encrypted = "z7Pwt2JDp74d+u0IXFAdrQ==\n"
+      @float_encrypted = "z7Pwt2JDp74d+u0IXFAdrQ=="
 
       @date = Date.parse('20120320')
-      @date_encrypted = "WTkSPHo5ApSSHBJMxxWt2A==\n"
+      @date_encrypted = "WTkSPHo5ApSSHBJMxxWt2A=="
 
       # #TODO Intercept passing in attributes to create etc.
       @user = MongoidUser.new(

data/test/symmetric_encryption_test.rb

@@ -24,11 +24,42 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
       end
     end
 
-    context 'SymmetricEncryption tests' do
+    context 'Base64 encoding tests' do
       setup do
         @social_security_number = "987654321"
         @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
         @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+        @encoding = SymmetricEncryption.cipher.encoding
+        SymmetricEncryption.cipher.encoding = :base64
+      end
+
+      teardown do
+        SymmetricEncryption.cipher.encoding = @encoding
+      end
+
+      should "encrypt simple string" do
+        assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
+      end
+
+      should "decrypt string" do
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+      end
+
+      should "determine if string is encrypted" do
+        assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
+        assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
+      end
+
+      should "decrypt with secondary key when first one fails" do
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+      end
+    end
+
+    context 'Base64Strict tests' do
+      setup do
+        @social_security_number = "987654321"
+        @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
+        @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow=="
       end
 
       should "encrypt simple string" do

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 7
-  - 2
-  version: 0.7.2
+  - 8
+  - 0
+  version: 0.8.0
 platform: ruby
 authors: 
 - Reid Morrison
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-08-22 00:00:00 -04:00
+date: 2012-08-28 00:00:00 -04:00
 default_executable: 
 dependencies: []
 
@@ -32,6 +32,9 @@ files:
 - csv_encrypted
 - csv_encrypted_zip
 - examples/symmetric-encryption.yml
+- lib/rails/generators/symmetric_encryption/config/config_generator.rb
+- lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml
+- lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb
 - lib/symmetric-encryption.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/extensions/active_record/base.rb