Parsing keys and certificates

Description

The read_key function (private keys) and read_pubkey (public keys) support both SSH pubkey format and OpenSSL PEM format (base64 data between a -----BEGIN and an -----END header line), and automatically convert where necessary. The functions assume a single key per file, except for read_cert_bundle, which supports PEM files with multiple certificates.

The 'read_pem' function parses the PEM file into a header and a data payload. It is mostly useful for debugging.

Usage

read_key(file, password = askpass, der = is.raw(file))

read_pubkey(file, der = is.raw(file))

read_cert(file, der = is.raw(file))

read_cert_bundle(file)

read_pem(file)

Arguments

file

Either a path to a file, a connection, or literal data (a string for pem/ssh format, or a raw vector in der format)

password

A string or callback function to read protected keys

der

Set to TRUE if file is in binary DER format

Details

Most versions of OpenSSL support at least RSA, DSA and ECDSA keys. Certificates must conform to the X.509 standard.

The password argument is needed when reading keys that are protected with a passphrase. It can either be a string containing the passphrase, or a custom callback function that will be called by OpenSSL to read the passphrase. The function should take one argument (a string with a message) and return a string. The default is to use readline which will prompt the user in an interactive R session.

Value

An object of class cert, key or pubkey which holds the data in binary DER format and can be decomposed using as.list.

See Also

download_ssl_cert

Examples

## Not run:
# Read private key
key <- read_key("~/.ssh/id_rsa")
str(key)

# Read public key
pubkey <- read_pubkey("~/.ssh/id_rsa.pub")
str(pubkey)

# Read certificates
txt <- readLines("https://curl.haxx.se/ca/cacert.pem")
bundle <- read_cert_bundle(txt)
print(bundle)

## End(Not run)
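
The password callback and the PEM/DER handling described under Details, as an added example that is not part of the package's own documentation. It assumes rsa_keygen, write_pem and write_der from the same package (they are not documented on this page) and uses a hypothetical environment variable KEY_PASSPHRASE; the key and passphrase are constructed for the demonstration.

```r
library(openssl)

# Constructed test material: a throwaway RSA key exported as passphrase-protected PEM.
# rsa_keygen(), write_pem() and write_der() are assumed from the same package.
key <- rsa_keygen(2048)
pem <- write_pem(key, password = "constructed-demo-passphrase")

# read_pem() splits the PEM into header name(s) and payload; printing the
# header lets you check that the key at rest is stored in encrypted form.
print(names(read_pem(pem)))

# Callback for non-interactive sessions: receives the prompt message and
# returns the passphrase. KEY_PASSPHRASE is a hypothetical variable name.
passphrase_from_env <- function(prompt) {
  pw <- Sys.getenv("KEY_PASSPHRASE", unset = NA)
  if (is.na(pw) || !nzchar(pw)) {
    # Fail closed instead of falling back to an interactive prompt
    stop("KEY_PASSPHRASE is not set; refusing to prompt")
  }
  pw
}

# Correct passphrase supplied through the callback
Sys.setenv(KEY_PASSPHRASE = "constructed-demo-passphrase")
key_pem <- read_key(pem, password = passphrase_from_env)

# A wrong passphrase should surface as an R error, not as a key object
Sys.setenv(KEY_PASSPHRASE = "wrong-passphrase")
bad <- tryCatch(read_key(pem, password = passphrase_from_env),
                error = function(e) e)
print(inherits(bad, "error"))

# Do not leave the secret in the process environment longer than needed
Sys.unsetenv("KEY_PASSPHRASE")

# Raw input is treated as DER by default (der = is.raw(file)).
# The DER export of a private key is not passphrase-protected, so it is
# kept in memory here and never written to disk.
der <- write_der(key)
key_der <- read_key(der)

# Both routes must yield the same key: compare the derived public keys
stopifnot(identical(as.list(key_pem)$pubkey, as.list(key_der)$pubkey))
```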