Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
An openssl public key. Usually this will be the path to the key, in which case it may either the path to a public key or be the path to a directory containing a file
id_rsa.pub
. IfNULL
, then your public key will be used (found via the environment variableUSER_PUBKEY
, then~/.ssh/id_rsa.pub
). However, it is not that common to use your own public key - typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.- key
An openssl private key. Usually this will be the path to the key, in which case it may either the path to a private key or be the path to a directory containing a file. You may specify
NULL
here, in which case the environment variableUSER_KEY
is checked and if that is not defined then~/.ssh/id_rsa
will be used.- envelope
A logical indicating if "envelope" encryption functions should be used. If so, then we use
openssl::encrypt_envelope()
andopenssl::decrypt_envelope()
. IfFALSE
then we useopenssl::rsa_encrypt()
andopenssl::rsa_decrypt()
. See the openssl docs for further details. The main effect of this is that usingenvelope = TRUE
will allow you to encrypt much larger data thanenvelope = FALSE
; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.- password
A password for the private key. If
NULL
then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!)- authenticated
Logical, indicating if the result should be signed with your public key. If
TRUE
then your key will be verified on decryption. This provides tampering detection.
See also
keypair_sodium()
for a similar function using
sodium keypairs
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
#> [1] 58 0a 00 00 00 03 00 04 05 00 00 03 05 00 00 00 00 05 55 54 46 2d 38 00 00
#> [26] 02 13 00 00 00 04 00 00 00 18 00 00 00 10 d4 bb aa 39 92 ff e3 a5 bb 73 f9
#> [51] 02 6d 9a ae 5f 00 00 00 18 00 00 01 00 7f c3 27 3c 01 2d 17 2f d4 1e b4 c9
#> [76] d2 e2 8c a8 47 4e 21 ca 4a e1 69 7c 0c ca e2 53 87 c1 24 02 ac bb 3d 29 f7
#> [101] 70 e5 22 ed da c4 4e 95 8f 2a 35 98 9b 62 3a 8e a7 dc 3b 02 db 48 51 28 d5
#> [126] 05 8d 0f 84 bd a4 44 13 02 88 01 9a c0 ec 3d 2c e8 ac 06 40 e2 96 af d4 f0
#> [151] 6a fd 57 a2 d7 68 1a bf b8 9b 1c 01 f0 df 13 1d 0d ce ea e9 6a 4e 5d 10 a8
#> [176] 47 55 7a 75 b0 f5 d1 8d c0 e5 c6 2a e6 b4 f7 f7 d8 8d 55 53 61 e1 5d 1e 25
#> [201] 9d 07 19 32 43 da 03 cb 5a b0 54 cd 28 b9 ed 67 4e d5 18 02 53 6f 71 bc 3f
#> [226] dd ef e6 c9 d7 b5 d8 8a 8c 43 5e 58 2a ff 44 7c 3d 53 0c 76 f2 f8 7d 2e 4c
#> [251] 72 a6 24 0f 0c ef 8b a0 b7 0c a4 c9 61 05 fc 99 4e 37 58 3f d4 3b 3a dc c6
#> [276] e7 1e 5d 46 d1 0e 98 52 80 b9 03 41 2d 89 86 89 fb 87 9d f3 67 09 42 80 bd
#> [301] f1 a8 25 f5 8e 3c 70 a8 75 37 49 a1 71 cc 61 94 68 9c bd 00 00 00 18 00 00
#> [326] 00 10 f4 ae 7b 7c 4a 3a 37 f8 f9 4f b0 3f 42 1f c4 7e 00 00 00 18 00 00 01
#> [351] 00 9a 3e 8e 82 99 23 51 b5 99 99 c2 79 0b 31 49 e0 25 87 59 a5 98 27 7d 72
#> [376] bd 74 84 c1 6f 39 bb 27 6e 6b f1 e4 b5 cd 02 0d 19 bb c4 e1 c4 37 e6 07 54
#> [401] b3 1a 44 b3 af 2d b4 ca 17 64 6e 91 9b f4 01 7b a1 06 54 ae 6d bd 65 30 a5
#> [426] 46 79 f0 4e 5a 60 d6 23 97 2b e5 3a 17 62 13 93 49 98 35 47 ac bb be 90 39
#> [451] fa a4 dd 93 b0 48 ae 21 05 ea 9d 2a b4 23 a9 72 aa 1d 41 da 08 7d 69 5d 92
#> [476] 7c 34 2d ce 0d ce fd 2c bb eb c9 9f ad ca d1 2a ec 97 d4 96 8a 14 3f 65 d4
#> [501] 9f 4e 21 f5 43 cb 41 e4 68 c2 fb 8e 16 ab 59 53 1e 58 72 ff cb 3d 2b e6 0f
#> [526] 1c 1c 31 89 88 fb fb 64 be 6a b3 0f 71 1c c1 88 58 0b 40 a2 0f ef 69 72 6a
#> [551] 1e b0 ff 5b 89 cf 7b 56 36 19 ad c7 7e 01 6f f9 0d 37 48 a1 54 ef 4b ec 0a
#> [576] 5e f4 00 a1 93 a3 47 ff 58 2d 67 5a a5 39 46 40 39 e1 9f f7 f5 12 76 7a 4a
#> [601] 88 85 5e 60 0e 94 c9 00 00 04 02 00 00 00 01 00 04 00 09 00 00 00 05 6e 61
#> [626] 6d 65 73 00 00 00 10 00 00 00 04 00 04 00 09 00 00 00 02 69 76 00 04 00 09
#> [651] 00 00 00 07 73 65 73 73 69 6f 6e 00 04 00 09 00 00 00 04 64 61 74 61 00 04
#> [676] 00 09 00 00 00 09 73 69 67 6e 61 74 75 72 65 00 00 00 fe
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)