Wrap a pair of openssl keys. You should pass your own private key and the public key of the person you are communicating with.
Arguments
- pub
  An openssl public key. Usually this will be the path to the key, in which case it may be either the path to a public key or the path to a directory containing a file `id_rsa.pub`. If `NULL`, then your own public key will be used (found via the environment variable `USER_PUBKEY`, then `~/.ssh/id_rsa.pub`). However, it is not that common to use your own public key: typically you want the key of either the sender of a message you are going to decrypt, or the recipient of a message you want to send.
- key
  An openssl private key. Usually this will be the path to the key, in which case it may be either the path to a private key or the path to a directory containing a file `id_rsa`. You may specify `NULL` here, in which case the environment variable `USER_KEY` is checked, and if that is not defined then `~/.ssh/id_rsa` will be used.
- envelope
  A logical indicating if "envelope" encryption functions should be used. If so, then we use `openssl::encrypt_envelope()` and `openssl::decrypt_envelope()`. If `FALSE` then we use `openssl::rsa_encrypt()` and `openssl::rsa_decrypt()`. See the openssl docs for further details. The main effect of this is that using `envelope = TRUE` will allow you to encrypt much larger data than `envelope = FALSE`; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.
- password
  A password for the private key. If `NULL` then you will be prompted interactively for your password; if a string, then that string will be used as the password (but be careful in scripts!).
- authenticated
  Logical, indicating if the result should be signed with your public key. If `TRUE` then your key will be verified on decryption. This provides tampering detection.
See also
`keypair_sodium()` for a similar function using sodium keypairs.
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
#> [1] 58 0a 00 00 00 03 00 04 05 00 00 03 05 00 00 00 00 05 55 54 46 2d 38 00 00
#> [26] 02 13 00 00 00 04 00 00 00 18 00 00 00 10 60 16 14 d9 66 bf d3 ad 33 48 ca
#> [51] d2 0c fe 61 50 00 00 00 18 00 00 01 00 87 53 97 de b9 a6 19 8f 1f 69 8c ce
#> [76] 80 69 18 1c 38 ff 2b 67 ef b7 c3 13 7e d7 86 bf fb 33 7e 38 27 20 92 0a 3b
#> [101] 69 a2 d2 65 f3 fb 8f 31 6b 05 7b 4b 1f 1a 17 02 8a 47 21 f1 6f 7f 4e 90 95
#> [126] d8 e1 e5 8b 59 83 fd 0b 89 ce e7 2c f5 3b ff 0f e6 31 08 7d d8 62 33 05 29
#> [151] 7f e3 8b 2f a8 58 77 db 15 ec e1 9b f4 94 4a a6 e4 cb ba aa 0b f9 af 0e b7
#> [176] c2 9e 5b c1 11 0d 9e aa 39 54 c3 0a 8d c8 ba 38 7e 5d 1b fa fa 13 2a 9a 01
#> [201] 63 a9 f9 6f 68 92 19 cf 0b 52 be 9d 42 26 36 2e 72 fa bc 5a 73 3a 00 13 fa
#> [226] a8 37 4c 4e 06 3d fe 96 6e a1 17 40 4a 21 88 7a 9e af eb ed c6 8c e9 04 3e
#> [251] fa d9 c2 e3 2a 58 4d a8 04 64 8e 5b 19 7b d8 f4 dc 21 85 2d a2 98 65 3f 24
#> [276] 14 7a 8d 59 8a d2 80 23 68 58 79 cd 40 16 63 d7 e2 65 ba 21 5c 65 e9 a7 5a
#> [301] 31 b0 dc 76 89 f6 94 96 a8 e7 e0 c3 bb 69 3d a5 0b 6e 6a 00 00 00 18 00 00
#> [326] 00 10 c1 19 2a cb 14 35 40 f9 1a c6 22 d8 c1 48 ef a9 00 00 00 18 00 00 01
#> [351] 00 8b 28 34 e4 3d a5 63 eb 01 43 e5 8c 64 ba 25 e0 12 ae 76 d7 34 90 9c d0
#> [376] a8 31 e5 f4 7a 7b 7a 50 0d 63 2d f2 34 cb 37 ef 51 50 52 16 ea 74 cf 30 66
#> [401] 84 b1 dc 57 f0 32 4e 88 1e 2b 92 2d 2d c2 66 39 d2 ae 4a f0 53 8c 24 83 6c
#> [426] ba 1c 3b d6 85 3f 82 ce 0e 53 c3 0d 92 7a cb 2e 57 fd 01 98 fb f3 e3 a1 c4
#> [451] fa 63 cc b7 e5 57 73 dc 5c 4f a5 69 3d 94 e3 b7 34 f3 d6 60 cf 26 2f 59 3a
#> [476] 14 7a 61 2a 37 a8 3b ac db ba d5 36 23 68 67 c8 52 21 15 84 48 1a 1b ab 6a
#> [501] b5 9c 3c 05 97 6b 03 d7 f2 2f e5 89 76 3c ea 11 ee 54 67 e9 84 13 3d 21 da
#> [526] 49 98 05 d3 0e 0b 1e bd 09 0a 2c 76 6e e6 1d dd c1 04 45 f3 cf b0 9b 80 d2
#> [551] 88 e8 4c c2 b3 88 72 9e df b6 7d fe 7b e0 01 f6 d9 29 3c 43 fa 09 4f d1 63
#> [576] 87 85 c2 37 83 4d d6 97 c9 2c 0a 58 20 4f b3 70 c4 20 b1 bc 97 9f 53 43 a8
#> [601] 6e 95 aa 67 db 36 86 00 00 04 02 00 00 00 01 00 04 00 09 00 00 00 05 6e 61
#> [626] 6d 65 73 00 00 00 10 00 00 00 04 00 04 00 09 00 00 00 02 69 76 00 04 00 09
#> [651] 00 00 00 07 73 65 73 73 69 6f 6e 00 04 00 09 00 00 00 04 64 61 74 61 00 04
#> [676] 00 09 00 00 00 09 73 69 67 6e 61 74 75 72 65 00 00 00 fe
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
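The following is an added example, not part of the cyphr documentation or the package's own examples. It exercises the two arguments described above that matter most in practice: the `envelope` size limit and the tampering detection that `authenticated = TRUE` provides. It assumes cyphr and openssl are installed and that `ssh_keygen()` produces RSA keys of the default size (2048 bits is an assumption here; the exact payload limit for raw RSA depends on the key size and padding).

```r
# Added example (not from the cyphr documentation). Assumes cyphr and
# openssl are installed and that ssh_keygen() generates 2048-bit RSA keys
# (an assumption about the default key size).
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)

# Alice -> Bob: one key pair with raw RSA, one with envelope encryption.
pair_raw <- cyphr::keypair_openssl(pub = path_bob, key = path_alice,
                                   envelope = FALSE)
pair_env <- cyphr::keypair_openssl(pub = path_bob, key = path_alice,
                                   envelope = TRUE, authenticated = TRUE)

# A message far above what a single RSA operation can carry: the payload
# limit is the key size minus padding overhead, roughly 200 bytes for a
# 2048-bit key.
long_msg <- strrep("x", 1000)

# Raw RSA on 1000 bytes is expected to fail with an OpenSSL
# "data too large for key size" style error.
raw_result <- tryCatch(cyphr::encrypt_string(long_msg, pair_raw),
                       error = function(e) e)
cat("raw RSA on 1000 bytes failed:", inherits(raw_result, "error"), "\n")

# Envelope encryption: a fresh symmetric session key encrypts the data and
# only that session key goes through RSA, so message size is not an issue.
secret <- cyphr::encrypt_string(long_msg, pair_env)

# Bob's side: Alice's public key plus his own private key.
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob,
                                   envelope = TRUE, authenticated = TRUE)
cat("envelope round trip ok:",
    identical(cyphr::decrypt_string(secret, pair_bob), long_msg), "\n")

# Tampering detection: flip one bit in the middle of the serialized
# ciphertext. With authenticated = TRUE decryption is rejected with an
# error rather than silently returning corrupted plaintext.
tampered <- secret
i <- length(tampered) %/% 2L
tampered[i] <- as.raw(bitwXor(as.integer(tampered[i]), 1L))
tamper_result <- tryCatch(cyphr::decrypt_string(tampered, pair_bob),
                          error = function(e) e)
cat("tampered message rejected:", inherits(tamper_result, "error"), "\n")

# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
```

The three `cat()` lines should each report `TRUE`. The first shows why `envelope = TRUE` is the sensible default for anything but tiny payloads; the third shows that an attacker who can modify ciphertext in transit cannot have Bob accept altered data without noticing, because the signature check fails on decryption.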