Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
An openssl public key. Usually this will be the path to the key, in which case it may be either the path to a public key or the path to a directory containing a file id_rsa.pub. If NULL, then your public key will be used (found via the environment variable USER_PUBKEY, then ~/.ssh/id_rsa.pub). However, it is not that common to use your own public key - typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.
- key
An openssl private key. Usually this will be the path to the key, in which case it may be either the path to a private key or the path to a directory containing a file. You may specify NULL here, in which case the environment variable USER_KEY is checked and if that is not defined then ~/.ssh/id_rsa will be used.
- envelope
A logical indicating if "envelope" encryption functions should be used. If so, then we use openssl::encrypt_envelope() and openssl::decrypt_envelope(). If FALSE then we use openssl::rsa_encrypt() and openssl::rsa_decrypt(). See the openssl docs for further details. The main effect of this is that using envelope = TRUE will allow you to encrypt much larger data than envelope = FALSE; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.
- password
A password for the private key. If NULL then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!)
- authenticated
Logical, indicating if the result should be signed with your public key. If TRUE then your key will be verified on decryption. This provides tampering detection.
See also
keypair_sodium() for a similar function using sodium keypairs
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and Bob's public key (she does not have Bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
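
An added example (not part of the cyphr documentation) illustrating the envelope and authenticated arguments described above: a payload larger than the RSA key fails with envelope = FALSE but round-trips with envelope = TRUE, and a message checked against the wrong sender's public key is rejected. It assumes cyphr's encrypt_data() and decrypt_data(), throwaway password-less keys, and a constructed third party (path_carol); try_msg is a hypothetical helper and the error text depends on the installed openssl.

```r
# Added example: throwaway, password-less keys for demonstration only.
path_alice <- tempfile()
path_bob <- tempfile()
path_carol <- tempfile()  # constructed third party, not on the original page
for (p in c(path_alice, path_bob, path_carol)) {
  cyphr::ssh_keygen(p, password = FALSE)
}

# Constructed payload, far larger than an RSA key
payload <- as.raw(sample(0:255, 10000, replace = TRUE))

# Hypothetical helper: return the result, or the error message on failure
try_msg <- function(expr) {
  tryCatch(expr, error = function(e) paste("error:", conditionMessage(e)))
}

# envelope = FALSE: plain RSA can only encrypt data up to the size of the
# key, so a payload of this size is refused
direct <- cyphr::keypair_openssl(pub = path_bob, key = path_alice,
                                 envelope = FALSE)
try_msg(cyphr::encrypt_data(payload, direct))

# envelope = TRUE (the default): the same payload encrypts and round-trips
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
secret <- cyphr::encrypt_data(payload, pair_alice)

pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
identical(cyphr::decrypt_data(secret, pair_bob), payload)

# authenticated = TRUE (the default): Bob pairs his key with Carol's public
# key instead of Alice's, so verification of the sender is expected to fail
pair_wrong <- cyphr::keypair_openssl(pub = path_carol, key = path_bob)
try_msg(cyphr::decrypt_data(secret, pair_wrong))

# Clean up
unlink(c(path_alice, path_bob, path_carol), recursive = TRUE)
```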