Wrap a pair of openssl keys. You should pass your private key and the public key of the person that you are communicating with.
Arguments
- pub: An openssl public key. Usually this will be the path to the key, in which case it may be either the path to a public key or the path to a directory containing a file id_rsa.pub. If NULL, then your public key will be used (found via the environment variable USER_PUBKEY, then ~/.ssh/id_rsa.pub). However, it is not that common to use your own public key; typically you want either the sender of a message you are going to decrypt, or the recipient of a message you want to send.
- key: An openssl private key. Usually this will be the path to the key, in which case it may be either the path to a private key or the path to a directory containing the key file. You may specify NULL here, in which case the environment variable USER_KEY is checked and, if that is not defined, ~/.ssh/id_rsa will be used.
- envelope: A logical indicating if "envelope" encryption functions should be used. If so, then we use openssl::encrypt_envelope() and openssl::decrypt_envelope(). If FALSE then we use openssl::rsa_encrypt() and openssl::rsa_decrypt(). See the openssl docs for further details. The main effect of this is that using envelope = TRUE will allow you to encrypt much larger data than envelope = FALSE; this is because openssl asymmetric encryption can only encrypt data up to the size of the key itself.
- password: A password for the private key. If NULL then you will be prompted interactively for your password, and if a string then that string will be used as the password (but be careful in scripts!).
- authenticated: Logical, indicating if the result should be signed with your public key. If TRUE then the signature made with your key will be verified on decryption. This provides tampering detection.
See also
keypair_sodium() for a similar function using sodium keypairs.
Examples
# Note this uses password = FALSE for use in examples only, but
# this should not be done for any data you actually care about.
# Note that the vignette contains much more information than this
# short example and should be referred to before using these
# functions.
# Generate two keypairs, one for Alice, and one for Bob
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)
# Alice wants to send Bob a message so she creates a key pair with
# her private key and Bob's public key (she does not have Bob's
# private key).
pair_alice <- cyphr::keypair_openssl(pub = path_bob, key = path_alice)
# She can then encrypt a secret message:
secret <- cyphr::encrypt_string("hi bob", pair_alice)
secret
# Bob wants to read the message so he creates a key pair using
# Alice's public key and his private key:
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
cyphr::decrypt_string(secret, pair_bob)
#> [1] "hi bob"
# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
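An added example, not from the cyphr documentation, that exercises the two behaviours described under the envelope and authenticated arguments: direct RSA (envelope = FALSE) refuses a payload larger than the key, and an authenticated pair rejects a ciphertext that has been modified in transit. It assumes the value returned by encrypt_string() is an R-serialized list with a raw element named data holding the ciphertext (an assumption about cyphr's internal layout), and keeps password = FALSE keys as in the package example above.

```r
# Added example, not part of the cyphr documentation. Uses password = FALSE
# keys for illustration only, as in the package example above.
path_alice <- tempfile()
path_bob <- tempfile()
cyphr::ssh_keygen(path_alice, password = FALSE)
cyphr::ssh_keygen(path_bob, password = FALSE)

# Two Alice -> Bob pairs that differ only in the envelope setting.
pair_envelope <- cyphr::keypair_openssl(pub = path_bob, key = path_alice,
                                        envelope = TRUE)
pair_direct <- cyphr::keypair_openssl(pub = path_bob, key = path_alice,
                                      envelope = FALSE)

# 1. Size limit: plain RSA can only encrypt a payload up to the key size,
#    so a 10 kB message fails with envelope = FALSE but works with TRUE,
#    where a random session key does the bulk encryption.
big <- strrep("x", 10000)
direct_failed <- tryCatch({
  cyphr::encrypt_string(big, pair_direct)
  FALSE
}, error = function(e) TRUE)
stopifnot(direct_failed)
secret <- cyphr::encrypt_string(big, pair_envelope)

# Bob decrypts with his private key and Alice's public key.
pair_bob <- cyphr::keypair_openssl(pub = path_alice, key = path_bob)
stopifnot(identical(cyphr::decrypt_string(secret, pair_bob), big))

# 2. Tamper detection (authenticated = TRUE is the default): flip one bit
#    of the ciphertext and decryption must refuse rather than return
#    corrupted plaintext. Assumption: the blob is a serialized R list with
#    a raw element named "data" holding the ciphertext.
blob <- unserialize(secret)
stopifnot(is.raw(blob$data))
blob$data[1] <- xor(blob$data[1], as.raw(0x01))
tampered <- serialize(blob, NULL)
rejected <- tryCatch({
  cyphr::decrypt_string(tampered, pair_bob)
  FALSE
}, error = function(e) TRUE)
stopifnot(rejected)

# Clean up
unlink(path_alice, recursive = TRUE)
unlink(path_bob, recursive = TRUE)
```

If the stopifnot() on blob$data fails, the layout assumption does not hold for your cyphr version; the size-limit part of the example does not depend on it.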