lib/symmetric_encryption/key.rb in symmetric-encryption-4.0.1 vs lib/symmetric_encryption/key.rb in symmetric-encryption-4.1.0.beta1

@@ -1,71 +1,9 @@
 # The key, iv and encrypted data are handled in their raw form, with no encoding.
 module SymmetricEncryption
   class Key
     attr_reader :key, :iv, :cipher_name
 
-    # Returns [Key] from cipher data usually extracted from the configuration file.
-    #
-    # Supports N level deep key encrypting keys.
-    #
-    # Configuration keys:
-    # * key
-    # * encrypted_key
-    # * key_filename
-    def self.from_config(key: nil, key_filename: nil, encrypted_key: nil, key_env_var: nil,
-                         iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc')
-
-      if key_encrypting_key.is_a?(Hash)
-        # Recurse up the chain returning the parent key_encrypting_key
-        key_encrypting_key = from_config(cipher_name: cipher_name, **key_encrypting_key)
-      end
-
-      key ||=
-        if encrypted_key
-          raise(ArgumentError, 'Missing mandatory :key_encrypting_key when config includes :encrypted_key') unless key_encrypting_key
-          Keystore::Memory.new(encrypted_key: encrypted_key, key_encrypting_key: key_encrypting_key).read
-        elsif key_filename
-          Keystore::File.new(file_name: key_filename, key_encrypting_key: key_encrypting_key).read
-        elsif key_env_var
-          raise(ArgumentError, 'Missing mandatory :key_encrypting_key when config includes :key_env_var') unless key_encrypting_key
-          Keystore::Environment.new(key_env_var: key_env_var, key_encrypting_key: key_encrypting_key).read
-        end
-
-      new(key: key, iv: iv, cipher_name: cipher_name)
-    end
-
-    # Migrate a prior config.
-    #
-    # Note:
-    # * The config cannot be saved back to the config file once
-    #   migrated, without generating new Key Encrypting Keys.
-    # * Only run this migration in the target environment so that the
-    #   current key encrypting files are present.
-    def self.migrate_config!(config)
-      # Backward compatibility - Deprecated
-      private_rsa_key = config.delete(:private_rsa_key)
-
-      # Migrate old encrypted_iv
-      if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
-        encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-        config[:iv]  = ::Base64.decode64(encrypted_iv)
-      end
-
-      # Migrate old iv_filename
-      if (file_name = config.delete(:iv_filename)) && private_rsa_key
-        encrypted_iv = File.read(file_name)
-        config[:iv]  = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-      end
-
-      # Backward compatibility - Deprecated
-      config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
-
-      # Migrate old encrypted_key to new binary format
-      if (encrypted_key = config[:encrypted_key]) && private_rsa_key
-        config[:encrypted_key] = ::Base64.decode64(encrypted_key)
-      end
-    end
-
     def initialize(key: :random, iv: :random, cipher_name: 'aes-256-cbc')
       @key         = key == :random ? ::OpenSSL::Cipher.new(cipher_name).random_key : key
       @iv          = iv == :random ? ::OpenSSL::Cipher.new(cipher_name).random_iv : iv
       @cipher_name = cipher_name
     end