Skip to contents

Encrypted data administration

Source: R/data.R
data_admin.Rd

Encrypted data administration; functions for setting up, adding users, etc.

Usage

data_admin_init(path_data, path_user = NULL, quiet = FALSE)

data_admin_authorise(
  path_data = NULL,
  hash = NULL,
  path_user = NULL,
  yes = FALSE,
  quiet = FALSE
)

data_admin_list_requests(path_data = NULL)

data_admin_list_keys(path_data = NULL)

Arguments

path_data

Path to the data set. We will store a bunch of things in a hidden directory within this path. By default in most functions we will search down the tree until we find the .cyphr directory

path_user

Path to the directory with your ssh key. Usually this can be omitted.

quiet

Suppress printing of informative messages.

hash

A vector of hashes to add. If provided, each hash can be the binary or string representation of the hash to add. Or omit to add each request.

yes

Skip the confirmation prompt? If any request is declined then the function will throw an error on exit.

Details

data_admin_init initialises the system; it will create a data key if it does not exist and authorise you. If it already exists and you do not have access it will throw an error.

data_admin_authorise authorises a key by creating a key to the data that the user can use in conjunction with their personal key.

data_admin_list_requests lists current requests.

data_admin_list_keys lists known keys that can access the data. Note that this is not secure; keys not listed here may still be able to access the data (if a key was authorised and moved elsewhere for example). Conversely, if the user has deleted or changed their key they will not be able to access the data despite the key being listed here.

See also

data_request_access() for requesting access to the data, and and data_key for using the data itself. But for a much more thorough overview, see the vignette (vignette("data", package = "cyphr")).

Examples


# The workflow here does not really lend itself to an example,
# please see the vignette instead.

# First we need a set of user ssh keys.  In a non example
# environment your personal ssh keys will probably work well, but
# hopefully they are password protected so cannot be used in
# examples.  The password = FALSE argument is only for testing,
# and should not be used for data that you care about.
path_ssh_key <- tempfile()
cyphr::ssh_keygen(path_ssh_key, password = FALSE)

# Initialise the data directory, using this key path.  Ordinarily
# the path_user argument would not be needed because we would be
# using your user ssh keys:
path_data <- tempfile()
dir.create(path_data, FALSE, TRUE)
cyphr::data_admin_init(path_data, path_user = path_ssh_key)
#> Generating data key
#> Authorising ourselves
#> Adding key 9c:45:e2:28:14:ad:31:13:68:fb:3c:0d:5a:43:c6:86:56:a8:53:de:80:ee:7e:39:bd:e9:3e:71:80:c7:8f:db
#>   user: root
#>   host: 709e98efa5ba
#>   date: 2024-10-28 06:06:20.143561
#> Verifying

# Now you can get the data key
key <- cyphr::data_key(path_data, path_user = path_ssh_key)

# And encrypt things with it
cyphr::encrypt_string("hello", key)
#>  [1] 08 87 fc 7a 1f c9 db a6 52 75 21 ff f3 f9 a3 82 47 ed 7e 75 f0 6e e1 e8 ee
#> [26] 26 65 a7 1c 0c e9 d1 31 2e 00 5f 46 f2 b6 3e 19 1d 59 f2 f7

# See the vignette for more details.  This is not the best medium
# to explore this.

# Cleanup
unlink(path_ssh_key, recursive = TRUE)
unlink(path_data, recursive = TRUE)