Change Config into a class.

lib/symmetric_encryption.rb

@@ -21,7 +21,7 @@ module SymmetricEncryption
   autoload :CLI,                    'symmetric_encryption/cli'
   module Keystore
     autoload :File,                 'symmetric_encryption/keystore/file'
-    autoload :String,               'symmetric_encryption/keystore/string'
+    autoload :Memory,               'symmetric_encryption/keystore/memory'
   end
   module Utils
     autoload :Generate,             'symmetric_encryption/utils/generate'

lib/symmetric_encryption/cipher.rb

@@ -11,75 +11,6 @@ class Cipher
     attr_reader :encoding, :key_filename, :iv_filename, :key_encryption_key
     attr_writer :key
 
-    # Generate new randomized keys and generate key and iv files if supplied.
-    # Overwrites key files for the current environment.
-    #
-    # Parameters
-    #   :key_filename
-    #     Name of file that will contain the symmetric key encrypted using the public
-    #     key from the private_rsa_key.
-    #  Or,
-    #   :encrypted_key
-    #     Symmetric key encrypted using the public key from the private_rsa_key
-    #     and then Base64 encoded
-    #
-    #  Note:
-    #    If :key_filename and :encrypted_key are not supplied then a new :key will be returned.
-    #    :key is the Symmetric Key to use for encryption and decryption.
-    #
-    #
-    #   :iv_filename
-    #     Name of file containing symmetric key initialization vector
-    #     encrypted using the public key from the private_rsa_key
-    #     Deprecated: It is _not_ necessary to encrypt the initialization vector (IV)
-    #  Or,
-    #   :encrypted_iv
-    #     Initialization vector encrypted using the public key from the private_rsa_key
-    #     and then Base64 encoded
-    #     Deprecated: It is _not_ necessary to encrypt the initialization vector (IV)
-    #
-    #  Note:
-    #    If :iv_filename and :encrypted_iv are not supplied then a new :iv will be returned.
-    #    :iv is the Initialization Vector to use with Symmetric Key.
-    #
-    #
-    #   private_rsa_key [String]
-    #     Key encryption key.
-    #     To generate a new one: SymmetricEncryption::KeyEncryptionKey.generate
-    #     Required if :key_filename, :encrypted_key, :iv_filename, or :encrypted_iv is supplied
-    #
-    #   :cipher_name [String]
-    #     Encryption Cipher to use.
-    #     Default: aes-256-cbc
-    #
-    #   :encoding [Symbol]
-    #     :base64strict
-    #       Return as a base64 encoded string that does not include additional newlines
-    #       This is the recommended format since newlines in the values to
-    #       SQL queries are cumbersome. Also the newline reformatting is unnecessary
-    #       It is not the default for backward compatibility
-    #     :base64
-    #       Return as a base64 encoded string
-    #     :base16
-    #       Return as a Hex encoded string
-    #     :none
-    #       Return as raw binary data string. Note: String can contain embedded nulls
-    #     Default: :base64strict
-    def self.generate_random_keys(cipher_name: 'aes-256-cbc', encoding: :base64,
-      private_rsa_key: nil,
-      key_filename: nil, encrypted_key: nil,
-      iv_filename: nil, encrypted_iv: nil)
-
-      cipher = new(
-        cipher_name:     cipher_name,
-        encoding:        encoding,
-        private_rsa_key: private_rsa_key,
-        key_filename:    key_filename,
-        iv_filename:     iv_filename
-      )
-      cipher.to_h
-    end
-
     # Create a Symmetric::Cipher for encryption and decryption purposes
     #
     # Parameters:
@@ -146,7 +77,10 @@ def self.generate_random_keys(cipher_name: 'aes-256-cbc', encoding: :base64,
     #     Key encryption key to encrypt/decrypt the key and/or iv with.
     #     Note:
     #     - `private_rsa_key` is not used if `key_encryption_key` is supplied.
-    def initialize(cipher_name: 'aes-256-cbc', encoding: :base64strict, version: 0, always_add_header: true,
+    def initialize(cipher_name: 'aes-256-cbc',
+                   encoding: :base64strict,
+                   version: 0,
+                   always_add_header: true,
                    private_rsa_key: nil, key_encryption_key: nil,
                    key_filename: nil, encrypted_key: nil, key: :random,
                    iv_filename: nil, encrypted_iv: nil, iv: :random)
@@ -168,16 +102,16 @@ def initialize(cipher_name: 'aes-256-cbc', encoding: :base64strict, version: 0,
       raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) || (@version < 0)
 
       if key_filename || encrypted_key || iv_filename || encrypted_iv
-        raise(SymmetricEncryption::ConfigError, 'Missing required :private_rsa_key, or :key_encryption_key') unless key_encryption_key
+        raise(SymmetricEncryption::ConfigError, 'Missing required :private_rsa_key, or :key_encryption_key') unless @key_encryption_key
       end
 
       @key =
         if key != :random && key != nil
           key
         elsif key_filename
-          Keystore::File.new(file_name: key_filename, key_encryption_key: key_encryption_key).read
+          Keystore::File.new(file_name: key_filename, key_encryption_key: @key_encryption_key).read
         elsif encrypted_key
-          Keystore::String.new(encrypted_key: encrypted_key, key_encryption_key: key_encryption_key).read
+          Keystore::Memory.new(encrypted_key: encrypted_key, key_encryption_key: @key_encryption_key).read
         elsif key == :random
           random_key
         else
@@ -188,9 +122,9 @@ def initialize(cipher_name: 'aes-256-cbc', encoding: :base64strict, version: 0,
         if iv != :random && iv != nil
           iv
         elsif iv_filename
-          Keystore::File.new(file_name: iv_filename, key_encryption_key: key_encryption_key).read
+          Keystore::File.new(file_name: iv_filename, key_encryption_key: @key_encryption_key).read
         elsif encrypted_iv
-          Keystore::String.new(encrypted_key: encrypted_iv, key_encryption_key: key_encryption_key).read
+          Keystore::Memory.new(encrypted_key: encrypted_iv, key_encryption_key: @key_encryption_key).read
         elsif iv == :random
           random_iv
         end
@@ -306,7 +240,7 @@ def encrypt(str, random_iv: false, compress: false)
       return if str.nil?
       str = str.to_s
       return str if str.empty?
-      encrypted = binary_encrypt(str, random_iv, compress)
+      encrypted = binary_encrypt(str, random_iv: random_iv, compress: compress)
       self.encode(encrypted)
     end
 
@@ -407,7 +341,7 @@ def binary_encrypt(str, random_iv: false, compress: false, add_header: always_ad
           iv                = random_iv ? openssl_cipher.random_iv : iv
           openssl_cipher.iv = iv if iv
           # Set the binary indicator on the header if string is Binary Encoded
-          header            = Header.new(version: version, compressed: compress, iv: random_iv ? iv : nil)
+          header = Header.new(version: version, compressed: compress, iv: random_iv ? iv : nil)
           header.to_s + openssl_cipher.update(compress ? Zlib::Deflate.deflate(string) : string)
         else
           openssl_cipher.iv = iv if iv
@@ -498,6 +432,21 @@ def self.random_key_pair(cipher_name = 'aes-256-cbc')
       }
     end
 
+    # DEPRECATED
+    def self.generate_random_keys(cipher_name: 'aes-256-cbc', encoding: :base64strict,
+      private_rsa_key: nil,
+      key_filename: nil, encrypted_key: nil,
+      iv_filename: nil, encrypted_iv: nil)
+
+      Utils::Generate.random_keys(
+        cipher_name:     cipher_name,
+        encoding:        encoding,
+        private_rsa_key: private_rsa_key,
+        key_filename:    key_filename,
+        iv_filename:     iv_filename
+      )
+    end
+
     private
 
     attr_reader :key

lib/symmetric_encryption/cli.rb

@@ -6,7 +6,7 @@ module SymmetricEncryption
   class CLI
     attr_reader :parser, :key_path, :app_name, :encrypt, :config_file_path,
                 :decrypt, :random_password, :keys, :gen_config, :environment,
-                :heroku, :re_encrypt, :version, :output_filename, :compress
+                :heroku, :re_encrypt, :version, :output_file_name, :compress
 
     def initialize(argv)
       @version          = SymmetricEncyption.cipher.version
@@ -34,13 +34,13 @@ def run!
         SymmetricEncryption.generate_symmetric_key_files(config_file_path, envirsonment)
       elsif gen_config
         generator = SymmetricEncryption::Utils::Generate.new
-        filename  = generator.config(
-          heroku:   heroku,
-          key_path: key_path,
-          app_name: app_name,
-          filename: config_file_path
+        file_name = generator.config(
+          heroku:    heroku,
+          key_path:  key_path,
+          app_name:  app_name,
+          file_name: config_file_path
         )
-        puts "New configuration file created at: #{filename}"
+        puts "New configuration file created at: #{file_name}"
       elsif re_encrypt
         SymmetricEncryption::Utils::ReEncrypt.new(version: version).process_directory(re_encrypt)
       else
@@ -58,16 +58,16 @@ def setup
       @parser = OptionParser.new do |opts|
         opts.banner = "Symmetric Encryption #{VERSION} CLI\n\nsymmetric-encryption <options>\n"
 
-        opts.on '-e', '--encrypt FILE_NAME', 'Encrypt a file, or prompt for a text value if no file name is supplied.' do |filename|
-          @encrypt = filename || true
+        opts.on '-e', '--encrypt FILE_NAME', 'Encrypt a file, or prompt for a text value if no file name is supplied.' do |file_name|
+          @encrypt = file_name || true
         end
 
-        opts.on '-d', '--decrypt FILE_NAME', 'Decrypt a file, or prompt for an encrypted value if no file name is supplied.' do |filename|
-          @decrypt = filename || true
+        opts.on '-d', '--decrypt FILE_NAME', 'Decrypt a file, or prompt for an encrypted value if no file name is supplied.' do |file_name|
+          @decrypt = file_name || true
         end
 
-        opts.on '-o', '--output FILE_NAME', 'Write encrypted or decrypted file to this file.' do |filename|
-          @output_filename = filename
+        opts.on '-o', '--output FILE_NAME', 'Write encrypted or decrypted file to this file.' do |file_name|
+          @output_file_name = file_name
         end
 
         opts.on '-Z', '--compress', 'Compress encrypted output file. Default: false' do
@@ -151,17 +151,17 @@ def decrypt_string
       text      = SymmetricEncryption.decrypt(value)
 
       puts "\nEncrypted: #{encrypted}"
-      output_filename ? File.open(output_filename, 'wb') { |f| f << text } : puts "Decrypted: #{text}\n\n"
+      output_file_name ? File.open(output_file_name, 'wb') { |f| f << text } : puts "Decrypted: #{text}\n\n"
     end
 
-    def decrypt_file(input_filename)
-      if output_filename
-        puts "\nDecrypting file: #{input_filename} and writing to: #{output_filename}\n\n"
-        SymmetricEncryption::Reader.decrypt(source: input_filename, target: output_filename)
-        puts "\n#{output_filename} now contains the decrypted contents of #{input_filename}\n\n"
+    def decrypt_file(input_file_name)
+      if output_file_name
+        puts "\nDecrypting file: #{input_file_name} and writing to: #{output_file_name}\n\n"
+        SymmetricEncryption::Reader.decrypt(source: input_file_name, target: output_file_name)
+        puts "\n#{output_file_name} now contains the decrypted contents of #{input_file_name}\n\n"
       else
         # No output file, so decrypt to stdout with no other output.
-        SymmetricEncryption::Reader.decrypt(source: input_filename, target: STDOUT)
+        SymmetricEncryption::Reader.decrypt(source: input_file_name, target: STDOUT)
       end
     end
 
@@ -184,17 +184,17 @@ def encrypt_string
       end
 
       encrypted = SymmetricEncryption.encrypt(value1)
-      output_filename ? File.open(output_filename, 'wb') { |f| f << encrypted } : puts "\nEncrypted: #{encrypted}\n\n"
+      output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts "\nEncrypted: #{encrypted}\n\n"
     end
 
-    def encrypt_file(input_filename)
-      if output_filename
-        puts "\nEncrypting file: #{input_filename} and writing to: #{output_filename}\n\n"
-        SymmetricEncryption::Writer.encrypt(source: input_filename, target: output_filename, compress: compress)
-        puts "\n#{output_filename} now contains the decrypted contents of #{input_filename}\n\n"
+    def encrypt_file(input_file_name)
+      if output_file_name
+        puts "\nEncrypting file: #{input_file_name} and writing to: #{output_file_name}\n\n"
+        SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name, compress: compress)
+        puts "\n#{output_file_name} now contains the decrypted contents of #{input_file_name}\n\n"
       else
         # No output file, so decrypt to stdout with no other output.
-        SymmetricEncryption::Reader.decrypt(source: input_filename, target: STDOUT)
+        SymmetricEncryption::Reader.decrypt(source: input_file_name, target: STDOUT)
       end
     end
 
@@ -203,7 +203,7 @@ def gen_random_password
       puts "\nGenerated Password: #{p}"
       encrypted = SymmetricEncryption.encrypt(p)
       puts "Encrypted: #{encrypted}\n\n"
-      File.open(output_filename, 'wb') { |f| f << encrypted } if output_filename
+      File.open(output_file_name, 'wb') { |f| f << encrypted } if output_file_name
     end
 
   end