Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub
  An openssl public key. Usually this will be the path to the key, in which case it may be either the path to a public key file or the path to a directory containing a file id_rsa.pub. If NULL, then your own public key will be used (found via the environment variable USER_PUBKEY, then ~/.ssh/id_rsa.pub). However, it is not that common to use your own public key: typically you want the public key of either the sender of a message you are going to decrypt, or the recipient of a message you want to send.
- key
  An openssl private key. Usually this will be the path to the key, in which case it may be either the path to a private key file or the path to a directory containing a private key file. You may specify NULL here, in which case the environment variable USER_KEY is checked, and if that is not defined then ~/.ssh/id_rsa will be used.
- envelope
  A logical indicating if "envelope" encryption functions should be used. If TRUE, then we use openssl::encrypt_envelope() and openssl::decrypt_envelope(). If FALSE, then we use openssl::rsa_encrypt() and openssl::rsa_decrypt(). See the openssl docs for further details. The main effect of this is that using envelope = TRUE will allow you to encrypt much larger data than envelope = FALSE; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.
- password
  A password for the private key. If NULL then you will be prompted interactively for your password; if a string, then that string will be used as the password (but be careful in scripts!).
- authenticated
  Logical, indicating if the result should be signed with your key. If TRUE, the signature is verified against your public key on decryption. This provides tampering detection.
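The following is an added example, not part of the cyphr documentation or the package's own tests. It contrasts envelope = TRUE with envelope = FALSE on the size limit described above, and shows that a private key outside the pair cannot decrypt the message and that a modified ciphertext is rejected when authenticated = TRUE. It assumes that cyphr and openssl are installed, that cyphr::ssh_keygen() produces an RSA keypair, and that the failure cases raise R errors (those outcomes are stated as assumptions in the comments). The try_decrypt() helper, the third "Eve" keypair and the messages are constructed for this example; password = FALSE is used only so the example runs non-interactively.

```r
library(cyphr)

# Three keypairs: Alice and Bob (as in the package example) plus a third
# party, Eve, constructed here to show that an outsider's key does not work.
path_alice <- tempfile()
path_bob <- tempfile()
path_eve <- tempfile()
ssh_keygen(path_alice, password = FALSE)
ssh_keygen(path_bob, password = FALSE)
ssh_keygen(path_eve, password = FALSE)

# Hypothetical helper: evaluate an expression and return whether it succeeded,
# keeping the error message instead of aborting the script.
try_decrypt <- function(expr) {
  tryCatch(list(ok = TRUE, value = expr),
           error = function(e) list(ok = FALSE, value = conditionMessage(e)))
}

# 1. envelope = FALSE uses raw RSA, so the plaintext is bounded by the key
#    size: a short string fits, a long one is expected to be rejected by
#    openssl::rsa_encrypt() (assumption: it raises an error rather than
#    truncating).
pair_rsa <- keypair_openssl(pub = path_bob, key = path_alice, envelope = FALSE)
short_msg <- "hi bob"                       # constructed input
long_msg <- strrep("x", 4096)               # constructed: larger than any RSA key
short_result <- try_decrypt(encrypt_string(short_msg, pair_rsa))
long_result <- try_decrypt(encrypt_string(long_msg, pair_rsa))
print(short_result$ok)
print(long_result)

# 2. envelope = TRUE (the default) encrypts the data with a fresh symmetric
#    session key and only wraps that key with RSA, so the long message works.
pair_alice <- keypair_openssl(pub = path_bob, key = path_alice)
secret <- encrypt_string(long_msg, pair_alice)

# 3. Bob, holding the matching private key, recovers the message; Eve, with
#    her own private key, is expected to get an error (assumption: unwrapping
#    the session key with the wrong RSA key fails).
pair_bob <- keypair_openssl(pub = path_alice, key = path_bob)
pair_eve <- keypair_openssl(pub = path_alice, key = path_eve)
print(identical(decrypt_string(secret, pair_bob), long_msg))
print(try_decrypt(decrypt_string(secret, pair_eve)))

# 4. With authenticated = TRUE (the default) the ciphertext carries a
#    signature made with Alice's private key. Flipping one byte in the middle
#    of the blob is expected to make decryption fail (assumption: either the
#    signature check or the deserialisation of the damaged blob errors).
tampered <- secret
i <- length(tampered) %/% 2
tampered[i] <- xor(tampered[i], as.raw(0x01))
print(try_decrypt(decrypt_string(tampered, pair_bob)))

# Clean up the temporary key directories.
unlink(c(path_alice, path_bob, path_eve), recursive = TRUE)
```

Expected (under the assumptions above): short_result$ok is TRUE, long_result$ok is FALSE with an openssl error about the data being too large for the key, the identical() check prints TRUE, and both the Eve and tampered attempts return ok = FALSE. In practice the defaults (envelope = TRUE, authenticated = TRUE) are the ones to keep: the envelope removes the size constraint, and the signature is what turns a silent corruption or substitution of the ciphertext into a visible decryption error.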
See also
keypair_sodium() for a similar function using sodium keypairs.
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and bob's public key (she does not have bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
#> [1] 58 0a 00 00 00 03 00 04 03 02 00 03 05 00 00 00 00 05 55 54 46 2d 38 00 00
#> [26] 02 13 00 00 00 04 00 00 00 18 00 00 00 10 6b e0 d8 3e 1e d8 e1 a5 d5 b3 e6
#> [51] 50 8d 2f b8 cc 00 00 00 18 00 00 01 00 a3 80 48 b3 ec 5c ef bd 20 8f d5 fc
#> [76] b8 96 e2 07 bd e0 ff 1a 7e 18 3e 9b 50 60 62 1e 27 3f 8c 67 4c cc 1f 23 ef
#> [101] ee f8 d3 40 aa 03 0f ba 94 19 6e cb fb 91 29 e6 1d 2f f1 28 15 f4 1b 87 25
#> [126] 43 28 d9 aa 26 11 59 3a 00 d6 73 b1 6a dd 4c 16 92 bc d3 ba fd 24 60 fb c4
#> [151] 13 f2 32 b2 79 48 09 85 87 2b 06 b8 f9 ce 76 e6 ed d9 a5 35 39 78 0c df 32
#> [176] b9 f0 41 cd f1 a2 82 58 62 dc c9 22 da b1 49 6d 35 7e 80 8d 24 be 43 d6 6a
#> [201] 8d f0 d3 2f fe 60 f0 ec e3 3d 47 1a 81 c3 06 03 59 a4 4b e0 8f 4e 51 d1 2e
#> [226] cb 87 76 a4 26 28 71 a7 17 0a ca 25 ea 19 98 2b 55 61 fc c7 45 7a 29 a0 8c
#> [251] 3e 49 28 8f 6e a8 6e c7 18 0a 35 ac b6 40 f0 2a 6b a6 0e b4 47 01 f3 eb 29
#> [276] 21 ba b2 ec 08 48 60 e0 38 43 5b e2 24 7a 39 6d 12 9f f3 10 e1 3e 42 77 60
#> [301] b1 ec 6a 07 40 9b 25 e4 d1 83 91 26 b4 c5 75 eb 1e d3 d1 00 00 00 18 00 00
#> [326] 00 10 45 a9 d5 d7 08 df 64 cd 32 64 36 61 59 72 c9 22 00 00 00 18 00 00 01
#> [351] 00 4f df 4a d1 9d e7 ef f9 4f b6 6b 8c 21 51 74 32 6a 11 54 fe 7c 02 ec 72
#> [376] 2a 1a b6 1e 12 b4 1d a7 22 27 63 10 05 ab 07 01 03 2b 76 ab 3f e1 d2 92 3b
#> [401] fe 48 4a c2 42 9d fd db 85 67 4c f2 3b 89 15 ec 3e bc d3 bc 5f 98 a9 8c be
#> [426] d9 bd dd 1e 9f 2c dd 2e 0b a3 39 60 7f 7c 1b c2 9b 73 bd 02 c2 8a 55 b1 c4
#> [451] ac b9 13 1c 2d ef 83 e5 d9 d3 7e 01 8b 92 1b 23 e5 a4 06 9d ad 1c 64 98 75
#> [476] e7 f6 65 c0 ab 70 27 f7 3a 4a 52 a1 db ae 8b 9b e1 c5 76 c4 98 6e 5d b2 41
#> [501] 57 1f 7a 18 49 a5 04 1d 6c ab e8 b2 16 90 7f 0c ab 25 63 ca 56 78 90 b0 d7
#> [526] fe 80 ef 16 c5 01 3c 35 43 13 b7 bf 22 78 a1 81 3f 34 1e 7d 23 4d 0b 46 14
#> [551] 6a c5 9f c3 47 50 21 c8 7f ea 0a d9 8b a3 61 57 7c 82 58 aa 0e c7 22 51 b2
#> [576] 21 b7 a4 a6 07 ba f0 0e 2e 77 1f e9 c9 fa 92 d0 7e 37 f1 2e 40 55 fa c9 e2
#> [601] 40 21 0a b6 45 c7 9c 00 00 04 02 00 00 00 01 00 04 00 09 00 00 00 05 6e 61
#> [626] 6d 65 73 00 00 00 10 00 00 00 04 00 04 00 09 00 00 00 02 69 76 00 04 00 09
#> [651] 00 00 00 07 73 65 73 73 69 6f 6e 00 04 00 09 00 00 00 04 64 61 74 61 00 04
#> [676] 00 09 00 00 00 09 73 69 67 6e 61 74 75 72 65 00 00 00 fe
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)