Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
An openssl public key. Usually this will be the path to the key, in which case it may either the path to a public key or be the path to a directory containing a file
id_rsa.pub
. IfNULL
, then your public key will be used (found via the environment variableUSER_PUBKEY
, then~/.ssh/id_rsa.pub
). However, it is not that common to use your own public key - typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.- key
An openssl private key. Usually this will be the path to the key, in which case it may either the path to a private key or be the path to a directory containing a file. You may specify
NULL
here, in which case the environment variableUSER_KEY
is checked and if that is not defined then~/.ssh/id_rsa
will be used.- envelope
A logical indicating if "envelope" encryption functions should be used. If so, then we use
openssl::encrypt_envelope()
andopenssl::decrypt_envelope()
. IfFALSE
then we useopenssl::rsa_encrypt()
andopenssl::rsa_decrypt()
. See the openssl docs for further details. The main effect of this is that usingenvelope = TRUE
will allow you to encrypt much larger data thanenvelope = FALSE
; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.- password
A password for the private key. If
NULL
then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!)- authenticated
Logical, indicating if the result should be signed with your public key. If
TRUE
then your key will be verified on decryption. This provides tampering detection.
See also
keypair_sodium()
for a similar function using
sodium keypairs
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
#> [1] 58 0a 00 00 00 03 00 04 03 02 00 03 05 00 00 00 00 05 55 54 46 2d 38 00 00
#> [26] 02 13 00 00 00 04 00 00 00 18 00 00 00 10 ac b6 53 f8 43 8c bc 83 70 c5 d5
#> [51] f7 c0 56 5d a7 00 00 00 18 00 00 01 00 d9 92 ab 5b e2 d3 0f 03 57 8b 9c 1b
#> [76] 4a 7a c7 4c 0e d5 bb e9 13 54 a7 fa 41 9e 91 0d d7 a2 ad d9 f0 ab 5e 3a d9
#> [101] e6 52 5a 9b db 01 b6 b2 37 2e f0 2f 49 7f 72 05 a8 c9 19 ea e8 de 7d cd 9e
#> [126] 06 1c b7 7b 0f a8 e7 e6 a7 fb 1f 79 1a 52 85 b0 5f b0 1d 41 8a 13 af d8 73
#> [151] dd df b9 c6 a5 b4 d6 04 4a e6 24 86 67 ca 7b 35 08 5c 6d 16 f8 d3 01 b8 c7
#> [176] 05 ef ff f4 94 c8 52 3d 0e f8 2d 7c f6 9a 8f 4c 93 97 3f 27 45 54 85 49 8d
#> [201] 1a d3 b4 91 43 5a 75 e5 3a b2 b7 63 25 ca a5 94 06 21 f4 5e c7 cc 27 44 4d
#> [226] ae 28 d6 87 22 2a 05 df 5d 24 07 1a 10 5e 4b cc d2 0a 44 97 d8 a5 29 65 63
#> [251] 58 86 82 a6 7f 6c 86 35 df 33 a6 4e 20 50 d2 51 9a 6b 72 0c 14 03 f5 b2 bd
#> [276] af 36 54 37 59 b0 0a 74 8e ad 56 27 ec 8c 6f 9f 98 1e 0d f0 de 64 8a 46 be
#> [301] 31 07 fb 32 68 54 8d 02 5d d1 a0 41 bc 96 e1 18 fe ba be 00 00 00 18 00 00
#> [326] 00 10 ae b0 d4 d3 9c 83 eb 80 15 0b 88 57 8d c0 c8 36 00 00 00 18 00 00 01
#> [351] 00 11 58 3a 6a 88 78 8e ca d4 5f d3 e0 c0 f6 18 0f 14 92 ce 42 df 45 cd 7d
#> [376] f6 af ac 8b 97 e2 1b ef bc 3f ad 4f 84 90 24 40 dd 6b 9c 51 0f 28 8f 41 79
#> [401] b5 44 25 38 6f 26 17 3a 50 18 5f 02 e7 5b 99 3a 8b 96 cc 4b d8 28 20 47 f9
#> [426] 16 b8 1d b6 a4 99 92 a9 6b 46 51 56 11 b3 bb 0c aa ae dd 8e 08 9c f2 0d 08
#> [451] 8a 71 57 32 48 03 ce 90 2d 42 3f 2a 9e 29 b4 ac 78 3f 43 b4 de bc 02 48 d8
#> [476] 59 29 7e fa 51 de 9e 45 8f 77 78 41 17 98 95 32 2b 71 0e 4d c3 40 07 fa 61
#> [501] 5e 97 86 02 71 d6 64 14 60 25 a2 56 aa 9e e3 3b 51 ee 3f 6a 96 6c 22 4b 65
#> [526] df f0 8c 5b 85 79 85 6f 6a ce 75 ef 03 e2 5c 7e 22 11 dd 4d 7a 32 ad b2 5a
#> [551] 3b 91 24 64 32 fd eb a5 8c b0 52 c2 4d 08 92 4d 1d a9 18 41 c9 30 91 76 4f
#> [576] 4d 21 9d 31 f2 75 0a eb f6 c7 2c 6d 3b bb 39 69 85 b6 d9 2d a9 82 6b d7 e7
#> [601] 33 75 f0 50 32 d5 ed 00 00 04 02 00 00 00 01 00 04 00 09 00 00 00 05 6e 61
#> [626] 6d 65 73 00 00 00 10 00 00 00 04 00 04 00 09 00 00 00 02 69 76 00 04 00 09
#> [651] 00 00 00 07 73 65 73 73 69 6f 6e 00 04 00 09 00 00 00 04 64 61 74 61 00 04
#> [676] 00 09 00 00 00 09 73 69 67 6e 61 74 75 72 65 00 00 00 fe
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)