enc: Encryption of shipment content
In sship: Tool for Secure Shipment of Content
enc R Documentation
Encryption of shipment content
Description
Various functions and helper functions to establish encrypted files. To
secure the content (any file) the Advanced Encryption Standard (AES) is
applied with an ephemeral key consisting of 256 random bits. This key is
only used once for encryption (and then one more time during decryption at a
later stage). A random 128 bit initialization vector (iv) is also applied
during encryption. There is no extra security gain in this since the key
will never be re-used for encryption/decryption. So, just for good measures
then :-) After the content has been encrypted the key itself is encrypted by
applying a public key offered by the recipient. This key is obtained from a
public provider. Currently, GitHub is the only option. The three files:
encrypted content, the encrypted key and the (cleartext) iv is then bundled
into a tarball ready for shipment.
Usage
enc_filename(filename)
make_pubkey_url(pubkey_holder = "github", pid)
get_pubkey(pubkey_holder, pid)
enc(filename, pubkey_holder, pid, pubkey = NULL)
Arguments
filename
Character string with fully qualified path to a file.
pubkey_holder
Character string defining the provider of the public key
used for encryption of the symmetric key. Currently, 'github' is the only
valid pubkey holder. If a local pubkey is to be used (see parameter
pubkey, pubkey_holder may be set to NULL or some other value.
pid
Character string uniquely defining the user at
pubkey_holder who is also the owner of the public key.
pubkey
Character string representing a valid public key. Default is
NULL in which case the key will be obtained as per pubkey_holder.
Details
Encrypted files can be decrypted outside R using the OpenSSL library. Both
the key and the initialization vector (iv) are binary and this method uses
the key directly (and not a [hashed] passphrase). OpenSSL decryption need to
be fed the key (and iv) as a string of hex digits. Methods for conversion
from binary to hex may vary between systems. Below, a bash shell (unix)
example is given
Step 1: decrypt symmetric key (open envelope) using a private key
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in key.enc -out key
Step 2: decrypt content by key obtained in step 1, also converting key and
iv to strings of hexadecimal digits
openssl aes-256-cbc -d -in data.csv.enc -out data.csv \
-K $(hexdump -e '32/1 "%02x"' key) -iv $(hexdump -e '16/1 "%02x"' iv)
Value
Character string providing a filename or a key
See Also
dec
Examples
# Please note that these examples will write files to a local temporary
# directory.
## Define temporary working directory and a secret file name
wd <- tempdir()
secret_file_name <- "secret.rds"
## Add content to the secret file
saveRDS(iris, file = file.path(wd, secret_file_name), ascii = TRUE)
## Make a private-public key pair named "id_rsa" and "id_rsa.pub"
keygen(directory = wd, type = "rsa", overwrite_existing = TRUE)
## Load public key
pubkey <- readLines(file.path(wd, "id_rsa.pub"))
## Make a secured file (ready for shipment)
secure_secret_file <- enc(filename = file.path(wd, "secret.rds"),
pubkey_holder = NULL, pubkey = pubkey)
sship documentation built on Dec. 28, 2022, 2:01 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| enc | R Documentation |
Encryption of shipment content
Description
Various functions and helper functions to establish encrypted files. To secure the content (any file) the Advanced Encryption Standard (AES) is applied with an ephemeral key consisting of 256 random bits. This key is only used once for encryption (and then one more time during decryption at a later stage). A random 128 bit initialization vector (iv) is also applied during encryption. There is no extra security gain in this since the key will never be re-used for encryption/decryption. So, just for good measures then :-) After the content has been encrypted the key itself is encrypted by applying a public key offered by the recipient. This key is obtained from a public provider. Currently, GitHub is the only option. The three files: encrypted content, the encrypted key and the (cleartext) iv is then bundled into a tarball ready for shipment.
Usage
enc_filename(filename) make_pubkey_url(pubkey_holder = "github", pid) get_pubkey(pubkey_holder, pid) enc(filename, pubkey_holder, pid, pubkey = NULL)
Arguments
filename |
Character string with fully qualified path to a file. |
pubkey_holder |
Character string defining the provider of the public key
used for encryption of the symmetric key. Currently, 'github' is the only
valid pubkey holder. If a local pubkey is to be used (see parameter
|
pid |
Character string uniquely defining the user at
|
pubkey |
Character string representing a valid public key. Default is
NULL in which case the key will be obtained as per |
Details
Encrypted files can be decrypted outside R using the OpenSSL library. Both the key and the initialization vector (iv) are binary and this method uses the key directly (and not a [hashed] passphrase). OpenSSL decryption need to be fed the key (and iv) as a string of hex digits. Methods for conversion from binary to hex may vary between systems. Below, a bash shell (unix) example is given
Step 1: decrypt symmetric key (open envelope) using a private key
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in key.enc -out key
Step 2: decrypt content by key obtained in step 1, also converting key and iv to strings of hexadecimal digits
openssl aes-256-cbc -d -in data.csv.enc -out data.csv \ -K $(hexdump -e '32/1 "%02x"' key) -iv $(hexdump -e '16/1 "%02x"' iv)
Value
Character string providing a filename or a key
See Also
dec
Examples
# Please note that these examples will write files to a local temporary
# directory.
## Define temporary working directory and a secret file name
wd <- tempdir()
secret_file_name <- "secret.rds"
## Add content to the secret file
saveRDS(iris, file = file.path(wd, secret_file_name), ascii = TRUE)
## Make a private-public key pair named "id_rsa" and "id_rsa.pub"
keygen(directory = wd, type = "rsa", overwrite_existing = TRUE)
## Load public key
pubkey <- readLines(file.path(wd, "id_rsa.pub"))
## Make a secured file (ready for shipment)
secure_secret_file <- enc(filename = file.path(wd, "secret.rds"),
pubkey_holder = NULL, pubkey = pubkey)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.