diff --git a/lib/ripple-encryption/activation.rb b/lib/ripple-encryption/activation.rb
deleted file mode 100644
index 3c9bcfe..0000000
--- a/lib/ripple-encryption/activation.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-module Ripple
-  module Encryption
-    class Activation
-
-      def initialize(path)
-        config = Ripple::Encryption::Config.new path
-        # short-circuit encryption via the config file if desired
-        if !Riak::Serializers['application/x-json-encrypted'] && (config.to_h['encryption'] != false)
-          Riak::Serializers['application/x-json-encrypted'] = Ripple::Encryption::Serializer.new config
-        end
-        @@is_activated = true
-      end
-
-      def self.activated?
-        @@is_activated
-      end
-    end
-  end
-end
diff --git a/lib/ripple-encryption/config.rb b/lib/ripple-encryption/config.rb
index 0d88541..5922651 100644
--- a/lib/ripple-encryption/config.rb
+++ b/lib/ripple-encryption/config.rb
@@ -30,8 +30,8 @@ def activate
 
       def validate_path(path)
         if !File.exists? path
-          raise ConfigError, <<MISSINGFILE
-The config file [usually "config/encryption.yml"] is missing or incorrect. You will
+          raise Ripple::Encryption::ConfigError, <<MISSINGFILE
+The file "config/encryption.yml" is missing or incorrect. You will
 need to create this file and populate it with a valid cipher,
 initialization vector and secret key.  An example is provided in 
 "config/encryption.yml.example".
diff --git a/lib/ripple-encryption/encrypted_json_document.rb b/lib/ripple-encryption/encrypted_json_document.rb
index 8be87af..9c0bf91 100644
--- a/lib/ripple-encryption/encrypted_json_document.rb
+++ b/lib/ripple-encryption/encrypted_json_document.rb
@@ -6,8 +6,7 @@ class EncryptedJsonDocumentError < StandardError; end
     # Interprets a encapsulation in JSON for encrypted Ripple documents.
     #
     # Example usage:
-    #     Ripple::Encryption::JsonDocument.new(@config, @document).encrypt
-    #     Ripple::Encryption::EncryptedJsonDocument.new(@config, @document).decrypt
+    #     Ripple::Encryption::JsonDocument.new(@document).encrypt
     class EncryptedJsonDocument
       # Creates an object that is prepared to decrypt its contents.
       # @param [String] data json string that was stored in Riak
diff --git a/lib/ripple-encryption/encrypted_serializer.rb b/lib/ripple-encryption/encrypted_serializer.rb
new file mode 100644
index 0000000..4b1f566
--- /dev/null
+++ b/lib/ripple-encryption/encrypted_serializer.rb
@@ -0,0 +1,117 @@
+module Ripple
+  module Encryption
+    # Implements the {Riak::Serializer} API for the purpose of
+    # encrypting/decrypting Ripple documents.
+    #
+    # Example usage:
+    #     ::Riak::Serializers['application/x-json-encrypted'] = EncryptedSerializer.new(OpenSSL::Cipher.new("AES-256"))
+    #     class MyDocument
+    #       include Ripple::Document
+    #       include Riak::Encryption
+    #     end
+    #
+    # @see Encryption
+    class EncryptedSerializer
+      # @return [String] The Content-Type of the internal format,
+      #      generally "application/json"
+      attr_accessor :content_type
+
+      # @return [OpenSSL::Cipher, OpenSSL::PKey::*] the cipher used to encrypt the object
+      attr_accessor :cipher
+
+      # Cipher-specific settings
+      # @see OpenSSL::Cipher
+      attr_accessor :key, :iv, :key_length, :padding
+
+      # Serialization Options
+      # @return [true, false] Is the encrypted text also base64 encoded?
+      attr_accessor :base64
+
+      # Creates a serializer using the provided cipher and internal
+      # content type. Be sure to set the {#key}, {#iv}, {#key_length},
+      # {#padding} as appropriate for the cipher before attempting
+      # (de-)serialization.
+      # @param [OpenSSL::Cipher] cipher the desired
+      #     encryption/decryption algorithm
+      # @param [String] content_type the Content-Type of the
+      #     unencrypted contents
+      def initialize(cipher, content_type='application/json', path)
+        @cipher, @content_type = cipher, content_type
+        @config = Ripple::Encryption::Config.new(path)
+      end
+
+      # Serializes and encrypts the Ruby object using the assigned
+      # cipher and Content-Type.
+      # @param [Object] object the Ruby object to serialize/encrypt
+      # @return [String] the serialized, encrypted form of the object
+      def dump(object)
+        JsonDocument.new(@config, object).encrypt
+      end
+
+      # Decrypts and deserializes the blob using the assigned cipher
+      # and Content-Type.
+      # @param [String] blob the original content from Riak
+      # @return [Object] the decrypted and deserialized object
+      def load(object)
+        # try the v1 way first
+        begin
+          internal = decrypt(object)
+          return ::Riak::Serializers.deserialize('application/json', internal)
+        # if that doesn't work, try the v2 way
+        rescue OpenSSL::Cipher::CipherError, MultiJson::DecodeError
+          return EncryptedJsonDocument.new(@config, object).decrypt
+        end
+      end
+
+      private
+
+      # generates a new iv each call unless a static (less secure)
+      # iv is used.
+      def encrypt(object)
+        old_version = '0.0.1'
+        result = ''
+        if cipher.respond_to?(:iv=) and @iv == nil
+          iv = OpenSSL::Random.random_bytes(cipher.iv_len)
+          cipher.iv = iv
+          result << old_version << iv
+        end
+
+        if cipher.respond_to?(:public_encrypt)
+          result << cipher.public_encrypt(object)
+        else
+          cipher_setup :encrypt
+          result << cipher.update(object) << cipher.final
+          cipher.reset
+        end
+        return result
+      end
+
+      def decrypt(cipher_text)
+        old_version = '0.0.1'
+
+        if cipher.respond_to?(:iv=) and @iv == nil
+          version = cipher_text.slice(0, old_version.length)
+          cipher.iv = cipher_text.slice(old_version.length, cipher.iv_len)
+          cipher_text = cipher_text.slice(old_version.length + cipher.iv_len, cipher_text.length)
+        end
+
+        if cipher.respond_to?(:private_decrypt)
+          cipher.private_decrypt(cipher_text)
+        else
+          cipher_setup :decrypt
+          result = cipher.update(cipher_text) << cipher.final
+          cipher.reset
+          result
+        end
+      end
+
+      def cipher_setup(mode)
+        cipher.send mode
+        cipher.key        = key        if key
+        cipher.iv         = iv         if iv
+        cipher.key_length = key_length if key_length
+        cipher.padding    = padding    if padding
+      end
+    end
+  end
+end
diff --git a/lib/ripple-encryption/encryption.rb b/lib/ripple-encryption/encryption.rb
index c7126a0..997b903 100644
--- a/lib/ripple-encryption/encryption.rb
+++ b/lib/ripple-encryption/encryption.rb
@@ -1,20 +1,78 @@
+require 'openssl'
+require 'ripple'
+
 module Ripple
-  # When mixed into a Ripple::Document class, this will encrypt the
-  # serialized form before it is stored in Riak.  You must register
-  # a serializer that will perform the encryption.
-  # @see Serializer
+
   module Encryption
-    # Overrides the internal method to set the content-type to be
-    # encrypted.
-    def robject
-      @robject ||= Riak::RObject.new(self.class.bucket, key).tap do |obj|
-        obj.content_type = 'application/x-json-encrypted'
+
+    # When mixed into a Ripple::Document class, this will encrypt the
+    # serialized form before it is stored in Riak.  You must register
+    # a serializer that will perform the encryption.
+    # @see EncryptedSerializer
+    module Encryption
+      extend ActiveSupport::Concern
+
+      @@is_activated = false
+
+      included do
+        @@encrypted_content_type = self.encrypted_content_type = 'application/x-json-encrypted'
       end
+
+      module ClassMethods
+        # @return [String] the content type to be used to indicate the
+        #     proper encryption scheme. Defaults to 'application/x-json-encrypted'
+        attr_accessor :encrypted_content_type
+      end
+
+      # Overrides the internal method to set the content-type to be
+      # encrypted.
+      def update_robject
+        super
+        if @@is_activated
+          robject.content_type = @@encrypted_content_type
+        end
+      end
+
+      def self.activate(path)
+        encryptor = nil
+        unless Riak::Serializers['application/x-json-encrypted']
+          begin
+            config = YAML.load_file(path)[ENV['RACK_ENV']]
+            encryptor = Ripple::Encryption::EncryptedSerializer.new(OpenSSL::Cipher.new(config['cipher']), 'application/x-json-encrypted', path)
+          rescue Exception => e
+            handle_invalid_encryption_config(e.message, e.backtrace)
+          end
+          encryptor.key = config['key'] if config['key']
+          encryptor.iv = config['iv'] if config['iv']
+          Riak::Serializers['application/x-json-encrypted'] = encryptor
+          @@is_activated = true
+        end
+        encryptor
+      end
+
+      def self.activated
+        @@is_activated
+      end
+
     end
-    def update_robject
-      robject.key = key if robject.key != key
-      robject.content_type ||= 'application/x-json-encrypted'
-      robject.data = attributes_for_persistence
-    end
   end
 end
+
+def handle_invalid_encryption_config(msg, trace)
+  puts <<eos
+
+    The file "config/encryption.yml" is missing or incorrect. You will
+    need to create this file and populate it with a valid cipher,
+    initialization vector and secret key.
+
+    An example is provided in "config/encryption.yml.example".
+eos
+
+  puts "Error Message: " + msg
+  puts "Error Trace:"
+  trace.each do |line|
+    puts line
+  end
+
+  exit 1
+end
diff --git a/lib/ripple-encryption/encryptor.rb b/lib/ripple-encryption/encryptor.rb
index 43a7eaa..2cea2aa 100644
--- a/lib/ripple-encryption/encryptor.rb
+++ b/lib/ripple-encryption/encryptor.rb
@@ -1,7 +1,7 @@
 module Ripple
   module Encryption
     # Generic error class for Encryptor
-    class EncryptorError < StandardError; end
+    class EncryptorConfigError < StandardError; end
 
     # Implements a simple object that can either encrypt or decrypt arbitrary data.
     #
@@ -13,7 +13,10 @@ class Encryptor
       # Creates an Encryptor that is prepared to encrypt/decrypt a blob.
       # @param [Hash] config the key/cipher/iv needed to initialize OpenSSL
       def initialize(config)
-        validate(config)
+        # ensure that we have the required configuration keys
+        %w(cipher key iv).each do |option|
+          raise(Ripple::Encryption::EncryptorConfigError, "Missing configuration option '#{option}'.") if config[option].nil?
+        end
         @config = config
         @cipher = OpenSSL::Cipher.new(@config['cipher'])
       end
@@ -40,15 +43,6 @@ def initialize_cipher_for(mode)
         @cipher.key = @config['key']
         @cipher.iv  = @config['iv']
       end
-
-      # Creates an Encryptor that is prepared to encrypt/decrypt a blob.
-      # @param [Hash] config the key/cipher/iv needed to initialize OpenSSL
-      def validate(config)
-        # ensure that we have the required configuration keys
-        %w(cipher key iv).each do |option|
-          raise(Ripple::Encryption::EncryptorError, "Missing configuration option '#{option}'.") if config[option].nil?
-        end
-      end
     end
   end
 end
diff --git a/lib/ripple-encryption/serializer.rb b/lib/ripple-encryption/serializer.rb
deleted file mode 100644
index a10effd..0000000
--- a/lib/ripple-encryption/serializer.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-module Ripple
-  module Encryption
-    # Implements the {Riak::Serializer} API for the purpose of
-    # encrypting/decrypting Ripple documents.
-    #
-    # Example usage:
-    #     ::Riak::Serializers['application/x-json-encrypted'] = Ripple::Encryption::Serializer.new(OpenSSL::Cipher.new("AES-256"))
-    #     class MyDocument
-    #       include Ripple::Document
-    #       include Riak::Encryption
-    #     end
-    #
-    # @see Encryption
-    class Serializer
-      # @param [Ripple::Encryption::Config]
-      def initialize(config)
-        @config = config
-      end
-
-      # Serializes and encrypts the Ruby object using the assigned
-      # cipher and Content-Type.
-      # @param [Object] object the Ruby object to serialize/encrypt
-      # @return [String] the serialized, encrypted form of the object
-      def dump(object)
-        JsonDocument.new(@config, object).encrypt
-      end
-
-      # Decrypts and deserializes the blob using the assigned cipher
-      # and Content-Type.
-      # @param [String] blob the original content from Riak
-      # @return [Object] the decrypted and deserialized object
-      def load(object)
-        EncryptedJsonDocument.new(@config, object).decrypt
-      end
-    end
-  end
-end
diff --git a/test/fixtures/test_document/some_other_data.encrypted.riak b/test/fixtures/test_document/some_other_data.encrypted.riak
index 1460940..c01d90c 100644
--- a/test/fixtures/test_document/some_other_data.encrypted.riak
+++ b/test/fixtures/test_document/some_other_data.encrypted.riak
@@ -1 +1 @@
-{"version":"0.1.0","iv":"ABYLnUHWE/fIwE2gKYC6hg==\n","data":"KYtsnoDZ85AMR/eZAVBtEXe88gB/UNagMpl4oV7FLxUgtqw5BvPCbLChrmdg\nsRQas2VZ8/FkIx5CiMeJYoi9Ag==\n"}
\ No newline at end of file
+{"version":"0.0.3","iv":"ABYLnUHWE/fIwE2gKYC6hg==\n","data":"KYtsnoDZ85AMR/eZAVBtEXe88gB/UNagMpl4oV7FLxUgtqw5BvPCbLChrmdg\nsRQas2VZ8/FkIx5CiMeJYoi9Ag==\n"}
\ No newline at end of file
diff --git a/test/fixtures/test_document/v0_doc.riak b/test/fixtures/test_document/v0_doc.riak
new file mode 100644
index 0000000..32d9574
--- /dev/null
+++ b/test/fixtures/test_document/v0_doc.riak
@@ -0,0 +1 @@
+{"message":"this is unencrypted data", "_type":"TestDocument"}
diff --git a/test/fixtures/test_document/v1_doc.riak b/test/fixtures/test_document/v1_doc.riak
new file mode 100644
index 0000000..bc3ced5
--- /dev/null
+++ b/test/fixtures/test_document/v1_doc.riak
@@ -0,0 +1 @@
+0��d�>^��
|���`f���p�#ʼl_�*�
\ No newline at end of file
diff --git a/test/fixtures/test_document/v2_doc.riak b/test/fixtures/test_document/v2_doc.riak
new file mode 100644
index 0000000..d0ddc23
--- /dev/null
+++ b/test/fixtures/test_document/v2_doc.riak
@@ -0,0 +1 @@
+{"version":"0.0.2","iv":"ABYLnUHWE/fIwE2gKYC6hg==\n","data":"MK0LuGThPhde4t0NfKSbhAvPjTuFmykhWVGNxPG++40=\n"}
diff --git a/test/helper.rb b/test/helper.rb
index 14ed507..b8ec797 100644
--- a/test/helper.rb
+++ b/test/helper.rb
@@ -17,16 +17,14 @@
   client = Riak::Client.new(:nodes => [riak_config])
   bucket = client.bucket("#{riak_config[:namespace].to_s}test") 
   object = bucket.get_or_new("test") 
-rescue RuntimeError => e
-  raise e
+rescue RuntimeError
+  raise RuntimeError, "Could not connect to the Riak test node."
 end
-
-# activate the library
-Ripple::Encryption::Activation.new ENV['ENCRYPTION']
-
+# define test Ripple Documents
+Ripple::Encryption::Encryption.activate ENV['ENCRYPTION']
 class TestDocument
   include Ripple::Document
-  include Ripple::Encryption
+  include Ripple::Encryption::Encryption
   property :message, String
 
   def self.bucket_name
@@ -34,7 +32,9 @@ def self.bucket_name
   end
 end
 
-# load Riak fixtures the raw way
+TestDocument.bucket.get_index('$bucket', '_').each {|k| TestDocument.bucket.delete(k)}
+
+# load Riak fixtures
 FileList[File.expand_path(File.join('..','fixtures','*'),__FILE__)].each do |f|
   if Dir.exists? f
     fixture_type = File.basename(f)
@@ -43,15 +43,11 @@ def self.bucket_name
     rescue NameError
       raise NameError, "Is a Ripple Document of type '#{fixture_type.classify}' defined for that fixture file?"
     end
-    # unencrypted jsons
-    FileList[File.join(f,'*.unencrypted.riak')].each do |r|
-      key = File.basename(r,'.unencrypted.riak')
-      `curl -s -H 'content-type: application/json' -XPUT http://#{Ripple.config[:host]}:#{Ripple.config[:http_port]}/buckets/#{Ripple.config[:namespace]}#{fixture_type.pluralize}/keys/#{key} --data-binary @#{r}`
-    end
-    # encrypted jsons
-    FileList[File.join(f,'*.encrypted.riak')].each do |r|
-      key = File.basename(r,'.encrypted.riak')
-      `curl -s -H 'content-type: application/x-json-encrypted' -XPUT http://#{Ripple.config[:host]}:#{Ripple.config[:http_port]}/buckets/#{Ripple.config[:namespace]}#{fixture_type.pluralize}/keys/#{key} --data-binary @#{r}`
+    FileList[File.join(f,'*.riak')].each do |r|
+      key = File.basename(r,'.riak')
+      content_type = (key == 'v0_doc' ? 'application/json' : 'application/x-json-encrypted')
+      `curl -s -H 'content-type: #{content_type}' -XPUT http://#{Ripple.config[:host]}:#{Ripple.config[:http_port]}/buckets/#{Ripple.config[:namespace]}#{fixture_type.pluralize}/keys/#{key} --data-binary @#{r}`
     end
   end
 end
+
diff --git a/test/test_config.rb b/test/test_config.rb
index e2c4cc1..5991d61 100644
--- a/test/test_config.rb
+++ b/test/test_config.rb
@@ -2,10 +2,6 @@
 
 class TestConfig < MiniTest::Spec
   context "Ripple::Encryption::Config" do
-    should 'confirm encryption is active' do
-      assert Ripple::Encryption::Activation.activated?
-    end
-
     should "raise heck if the config file isn't found" do
       assert_raises Ripple::Encryption::ConfigError do
         config = Ripple::Encryption::Config.new('nowhere')
diff --git a/test/test_encryptor.rb b/test/test_encryptor.rb
index 39c2c1e..273c2ff 100644
--- a/test/test_encryptor.rb
+++ b/test/test_encryptor.rb
@@ -22,19 +22,19 @@ class TestEncryptor < MiniTest::Spec
 
   context "Ripple::Encryption::Encryptor with missing parameter" do
     should "raise an error if key is missing" do
-      assert_raises Ripple::Encryption::EncryptorError do
+      assert_raises Ripple::Encryption::EncryptorConfigError do
         Ripple::Encryption::Encryptor.new(:iv => 'iv', :cipher => 'AES-256-CBC')
       end
     end
 
     should "raise an error if iv is missing" do
-      assert_raises Ripple::Encryption::EncryptorError do
+      assert_raises Ripple::Encryption::EncryptorConfigError do
         Ripple::Encryption::Encryptor.new(:key => 'key', :cipher => 'AES-256-CBC')
       end
     end
 
     should "raise an error if cipher is missing" do
-      assert_raises Ripple::Encryption::EncryptorError do
+      assert_raises Ripple::Encryption::EncryptorConfigError do
         Ripple::Encryption::Encryptor.new(:key => 'key', :iv => 'iv')
       end
     end
diff --git a/test/test_json_document.rb b/test/test_json_document.rb
index 0f2b1d0..9970c6f 100644
--- a/test/test_json_document.rb
+++ b/test/test_json_document.rb
@@ -4,7 +4,7 @@ class TestJsonDocument < MiniTest::Spec
   context "Ripple::Encryption::JsonDocument" do
     setup do
       # get some encryption going
-      @config   = Ripple::Encryption::Config.new ENV['ENCRYPTION']
+      @config    = Ripple::Encryption::Config.new ENV['ENCRYPTION']
       encryptor = Ripple::Encryption::Encryptor.new @config.to_h
 
       # this is the data package that we want
diff --git a/test/test_ripple.rb b/test/test_ripple.rb
index aaeaddd..2da22cc 100644
--- a/test/test_ripple.rb
+++ b/test/test_ripple.rb
@@ -2,17 +2,16 @@
 
 class TestRipple < MiniTest::Spec
   context "TestDocument" do
-    should "read the ripple document" do
-      assert doc = TestDocument.find('some_other_data')
-      assert_equal 'this is secret data', doc.message
-    end
-
     should "write the ripple document" do
       document = TestDocument.new
       document.message = 'here is some new data'
       document.save
       same_document = TestDocument.find(document.key)
       assert_equal document.message, same_document.message
+
+      # read the document back out
+      read_doc = TestDocument.find(document.key)
+      assert_equal 'here is some new data', read_doc.message
     end
 
     should "write the ripple document raw confirmation" do
diff --git a/test/test_unencrypted_document.rb b/test/test_unencrypted_document.rb
index 0008054..194fdf9 100644
--- a/test/test_unencrypted_document.rb
+++ b/test/test_unencrypted_document.rb
@@ -1,20 +1,24 @@
 require 'helper'
 
-class TestUnencryptedDocument < MiniTest::Spec
+class TestMigrationV1ToV2 < MiniTest::Spec
   context "unencrypted GenericModel" do
+    setup do
+    end
+
     should "read unencrypted document type" do
-      assert (doc = TestDocument.find('some_data')), "Could not find fixture."
-      assert_equal 'this is unencrypted data', doc.message
+      assert v0 = TestDocument.find('v0_doc')
+      assert_equal 'this is unencrypted data', v0.message
     end
 
     should "write unencrypted document type when content-type is plain" do
       document = TestDocument.new
       document.message = 'here is some new data'
+      Ripple::Encryption::Encryption.class_variable_set(:@@is_activated, false)
       document.robject.content_type = 'application/json'
       document.save
-      expected_doc_data = '{"message":"here is some new data","_type":"TestDocument"}'
+      expected_v2_data = '{"message":"here is some new data","_type":"TestDocument"}'
       raw_data = `curl -s -XGET http://#{Ripple.config[:host]}:#{Ripple.config[:http_port]}/buckets/#{TestDocument.bucket_name}/keys/#{document.key}`
-      assert_equal expected_doc_data, raw_data
+      assert_equal expected_v2_data, raw_data
     end
   end
 end