Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
An openssl public key. Usually this will be the path to the key, in which case it may be either the path to a public key or the path to a directory containing a file id_rsa.pub. If NULL, then your public key will be used (found via the environment variable USER_PUBKEY, then ~/.ssh/id_rsa.pub). However, it is not that common to use your own public key - typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.
- key
An openssl private key. Usually this will be the path to the key, in which case it may be either the path to a private key or the path to a directory containing a file id_rsa. You may specify NULL here, in which case the environment variable USER_KEY is checked and if that is not defined then ~/.ssh/id_rsa will be used.
- envelope
A logical indicating if "envelope" encryption functions should be used. If so, then we use openssl::encrypt_envelope() and openssl::decrypt_envelope(). If FALSE then we use openssl::rsa_encrypt() and openssl::rsa_decrypt(). See the openssl docs for further details. The main effect of this is that using envelope = TRUE will allow you to encrypt much larger data than envelope = FALSE; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.
- password
A password for the private key. If NULL then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!).
- authenticated
Logical, indicating if the result should be signed with your public key. If TRUE then your key will be verified on decryption. This provides tampering detection.
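The following is an added illustration, not cyphr's own code, of what the envelope and authenticated options mean in terms of the openssl package functions named above: raw RSA refuses a payload larger than the key, envelope encryption removes that limit by RSA-encrypting only a random session key, and a signature over the ciphertext lets the recipient detect tampering. The in-memory keys, the message and the single flipped bit are constructed for the example; cyphr's actual message layout differs.

```r
# Added illustration (not cyphr's own code) of envelope vs. raw RSA and of
# signing the ciphertext, using only functions from the openssl package.
library(openssl)

# Constructed in-memory keys standing in for Alice's and Bob's id_rsa files.
key_alice <- rsa_keygen(bits = 2048)
key_bob   <- rsa_keygen(bits = 2048)
pub_alice <- as.list(key_alice)$pubkey
pub_bob   <- as.list(key_bob)$pubkey

# envelope = FALSE: raw RSA can only encrypt data smaller than the key, so a
# ~1000-byte message is refused by a 2048-bit (256-byte) key.
msg <- charToRaw(strrep("hi bob ", 150))   # constructed ~1000-byte message
direct <- tryCatch(rsa_encrypt(msg, pub_bob), error = function(e) e)
stopifnot(inherits(direct, "error"))

# envelope = TRUE: a random symmetric session key encrypts the data, and only
# that short key is RSA-encrypted to Bob, so the size limit disappears.
env <- encrypt_envelope(msg, pub_bob)      # list with iv, session, data
plain <- decrypt_envelope(env$data, env$iv, env$session, key_bob)
stopifnot(identical(plain, msg))

# authenticated = TRUE: Alice signs the ciphertext with her private key and
# Bob verifies it with her public key before decrypting.
sig <- signature_create(env$data, sha256, key = key_alice)
stopifnot(signature_verify(env$data, sig, sha256, pubkey = pub_alice))

# Flip one bit of the ciphertext: verification now fails (signature_verify
# raises an error), so a tampered message is rejected before decryption.
tampered <- env$data
tampered[1] <- xor(tampered[1], as.raw(0x01))
bad <- tryCatch(signature_verify(tampered, sig, sha256, pubkey = pub_alice),
                error = function(e) e)
stopifnot(inherits(bad, "error"))
```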
See also
keypair_sodium() for a similar function using sodium keypairs
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
