Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
An openssl public key. Usually this will be the path to the key, in which case it may either the path to a public key or be the path to a directory containing a file
id_rsa.pub
. IfNULL
, then your public key will be used (found via the environment variableUSER_PUBKEY
, then~/.ssh/id_rsa.pub
). However, it is not that common to use your own public key - typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.- key
An openssl private key. Usually this will be the path to the key, in which case it may either the path to a private key or be the path to a directory containing a file. You may specify
NULL
here, in which case the environment variableUSER_KEY
is checked and if that is not defined then~/.ssh/id_rsa
will be used.- envelope
A logical indicating if "envelope" encryption functions should be used. If so, then we use
openssl::encrypt_envelope()
andopenssl::decrypt_envelope()
. IfFALSE
then we useopenssl::rsa_encrypt()
andopenssl::rsa_decrypt()
. See the openssl docs for further details. The main effect of this is that usingenvelope = TRUE
will allow you to encrypt much larger data thanenvelope = FALSE
; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.- password
A password for the private key. If
NULL
then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!)- authenticated
Logical, indicating if the result should be signed with your public key. If
TRUE
then your key will be verified on decryption. This provides tampering detection.
See also
keypair_sodium()
for a similar function using
sodium keypairs
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
#> [1] 58 0a 00 00 00 03 00 04 05 00 00 03 05 00 00 00 00 05 55 54 46 2d 38 00 00
#> [26] 02 13 00 00 00 04 00 00 00 18 00 00 00 10 ca e8 11 68 c9 2f 67 52 33 ff 4e
#> [51] 63 61 23 50 45 00 00 00 18 00 00 01 00 77 7e 36 29 c9 01 e0 9c ee 26 87 e4
#> [76] db 59 3c 0c b1 a8 a2 70 b0 68 c7 7b b6 99 61 6c 4d a2 c2 bc 72 96 6a 4b d2
#> [101] 64 52 81 5e 26 10 e9 d9 a8 87 93 07 10 f0 f9 49 27 a5 d5 c5 ca 60 d4 22 0e
#> [126] 50 0f 8a 46 47 88 08 a0 98 01 ca 92 bd 4c cf d1 e8 c9 b0 3c 1f de 5c b8 e4
#> [151] 16 da 70 5e 1d 31 bd 04 9e 1a 2f 72 b1 38 b8 7d 10 0a d5 ef 8a 57 fa 7e cd
#> [176] d9 7f b0 4c ee 60 ea f2 d1 b4 7e 1e dc 1e d9 cc 00 96 a8 e6 0a a6 2e d8 d9
#> [201] 99 29 ae ff 8f 5b ed e0 f0 aa 26 d5 d5 ac 58 0c 30 c9 6b 1e af 69 35 c7 c8
#> [226] b9 da 45 4d 7e dd 86 98 63 49 29 dc 43 bf 96 04 6c 5d d2 68 65 cd 99 25 c1
#> [251] 2f 88 2f d9 9c 19 5b 2d 20 0e da 5c 5e cf 12 26 a6 50 2e e0 38 58 e8 4e 71
#> [276] 8f c1 1b ec 89 cf 10 16 8c 62 c6 db b6 c0 67 e6 49 bd 73 eb d1 87 ec 39 a4
#> [301] 90 4d f1 23 e2 38 a4 09 06 0b 6b f5 e7 84 82 0c db e5 ae 00 00 00 18 00 00
#> [326] 00 10 8c d8 61 4c a6 80 9a c0 ba 14 31 1c 4a 22 97 df 00 00 00 18 00 00 01
#> [351] 00 8c b0 60 49 67 0c d4 24 7d e7 52 64 d0 00 5d 39 38 1b f0 69 02 27 12 2d
#> [376] 89 e1 be 23 a5 12 21 13 98 54 6a 75 58 cd 8d 32 2d 17 29 5f 49 da f4 72 43
#> [401] 57 c0 28 38 20 fd 69 69 45 ac e2 fb e9 bc 7e f7 df 4c 74 59 26 ff 60 5e 59
#> [426] 9f a0 0c db c4 c1 a7 93 d9 6c 0e 09 bf 6f d8 71 77 6e f3 d9 d4 18 7d 83 4f
#> [451] 64 c5 5a 84 9e 98 d4 0f d1 a1 85 85 1e 41 b0 9b 19 ac d8 22 8d 15 66 86 15
#> [476] db e5 a5 94 1c 99 0e 02 d1 bc 5b d3 de 9c 26 ce a9 a1 cd 07 9c d9 7b 4a 6d
#> [501] cd 8f a1 ab 2d ad 02 63 86 97 90 eb 41 90 bd a5 82 c1 9a ac f0 21 89 c1 cc
#> [526] 5d 7a 50 e5 b1 fb 22 6e bd a3 68 26 a0 84 94 f5 e8 48 fe 84 50 4f bf 52 e5
#> [551] 39 c4 83 85 a3 48 63 5e bd a6 15 57 4a ad c5 43 7d 57 c9 b1 9e ff 28 e7 5a
#> [576] d0 4c 30 f6 44 a7 d0 8f 22 54 d9 28 70 8f c6 d8 b6 a8 7d 71 90 c8 dd 09 5d
#> [601] 0f 28 e4 83 43 94 0c 00 00 04 02 00 00 00 01 00 04 00 09 00 00 00 05 6e 61
#> [626] 6d 65 73 00 00 00 10 00 00 00 04 00 04 00 09 00 00 00 02 69 76 00 04 00 09
#> [651] 00 00 00 07 73 65 73 73 69 6f 6e 00 04 00 09 00 00 00 04 64 61 74 61 00 04
#> [676] 00 09 00 00 00 09 73 69 67 6e 61 74 75 72 65 00 00 00 fe
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)