lib/symmetric_encryption/symmetric_encryption.rb in symmetric-encryption-3.8.3 vs lib/symmetric_encryption/symmetric_encryption.rb in symmetric-encryption-3.9.0

- old
+ new

@@ -31,11 +31,11 @@
 # Set the Primary Symmetric Cipher to be used
 #
 # Example: For testing purposes the following test cipher can be used:
 #
 # SymmetricEncryption.cipher = SymmetricEncryption::Cipher.new(
- # key: '1234567890ABCDEF1234567890ABCDEF',
+ # key: '1234567890ABCDEF',
 # iv: '1234567890ABCDEF',
 # cipher: 'aes-128-cbc'
 # )
 def self.cipher=(cipher)
 raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
@@ -251,29 +251,62 @@ # Mandatory for non-Rails apps # Default: Rails.root/config/symmetric-encryption.yml # environment: # Which environments config to load. Usually: production, development, etc. # Default: Rails.env - def self.load!(filename=nil, environment=nil) + def self.load!(filename = nil, environment = nil) Config.load!(filename, environment) end # Generate new random symmetric keys for use with this Encryption library # # Note: Only the current Encryption key settings are used # - # Creates Symmetric Key .key - # and initialization vector .iv - # which is encrypted with the above Public key + # Creates Symmetric Key .key and initialization vector .iv + # which is encrypted with the key encryption key. # # Existing key files will be renamed if present - def self.generate_symmetric_key_files(filename=nil, environment=nil) + def self.generate_symmetric_key_files(filename = nil, environment = nil) config = Config.read_config(filename, environment) # Only regenerating the first configured cipher cipher_config = config[:ciphers].first - key_config = {environment: environment, private_rsa_key: config[:private_rsa_key]} - Cipher.generate_random_keys(key_config.merge(cipher_config)) + + # Delete unused config keys to generate new random keys + [:version, :always_add_header].each do |key| + cipher_config.delete(key) + end + + key_config = {private_rsa_key: config[:private_rsa_key]} + cipher_cfg = Cipher.generate_random_keys(key_config.merge(cipher_config)) + + puts + if encoded_encrypted_key = cipher_cfg[:encrypted_key] + puts 'If running in Heroku, add the environment specific key:' + puts "heroku config:add #{environment.upcase}_KEY1=#{encoded_encrypted_key}\n" + end + + if encoded_encrypted_iv = cipher_cfg[:encrypted_iv] + puts 'If running in Heroku, add the environment specific key:' + puts "heroku config:add #{environment.upcase}_IV1=#{encoded_encrypted_iv}" + end + + if key = cipher_cfg[:key] + puts "Please add the key: #{key} to your config file" + end + + 
if iv = cipher_cfg[:iv] + puts "Please add the iv: #{iv} to your config file" + end + + if file_name = cipher_cfg[:key_filename] + puts("Please copy #{file_name} to the other servers in #{environment}.") + end + + if file_name = cipher_cfg[:iv_filename] + puts("Please copy #{file_name} to the other servers in #{environment}.") + end + cipher_cfg end # Generate a 22 character random password def self.random_password Base64.encode64(OpenSSL::Cipher.new('aes-128-cbc').random_key)[0..-4].strip
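Review bot: The added `puts "Please add the key: #{key} to your config file"` and the matching `iv` line in `generate_symmetric_key_files` write `cipher_cfg[:key]` and `cipher_cfg[:iv]` to stdout from a library method; because the hash also carries separate `:encrypted_key` and `:encrypted_iv` entries, these look like the unencrypted values, which would then end up in CI logs, deploy output and terminal scrollback. The method already returns `cipher_cfg`, so I would replace the two value-bearing messages with something like `puts 'A new key was generated; read it from the returned config'` and let the calling task decide how to present it. Separately, `environment` still defaults to nil while both Heroku branches call `environment.upcase`, so a caller relying on the documented default would get a NoMethodError after `Cipher.generate_random_keys` has already run (and, per the comment, after existing key files were renamed); a guard such as `if environment && (encoded_encrypted_key = cipher_cfg[:encrypted_key])` avoids that. The second Heroku message also says "key" where it prints the IV.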