encrypt {aws.kms}R Documentation

Perform encryption/decryption

Description

Encrypt plain text into ciphertext, or the reverse

Usage

encrypt(text, key, encode = TRUE, ...)

decrypt(text, key, encode = TRUE, ...)

reencrypt(text, key, encode = TRUE, ...)

Arguments

text

For encrypt, a character string specifying up to 4 kilobytes of data to be encrypted using the specified key. For decrypt, ciphertext of maximum 6144 bytes.

key

A character string specifying a key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with “alias/”.

encode

A logical specifying whether to base 64 encode text.

...

Additional arguments passed to kmsHTTP.

Details

encrypt encrypts source text using a KMS key. decrypt reverses this process using the same key. reencrypt reencrypts an (encrypted) ciphertext using a new key. The purpose of these functions, according to AWS, to is encrypt and decrypt data keys (of the source created with generate_data_key) rather than general purpose encryption given the relatively low upper limit on the size of text.

Value

encrypt returns a base64-encoded binary object as a character string.

See Also

create_kms_key, generate_data_key, generate_blob

Examples

## Not run: 
  # create a key
  k <- create_kms_key()
  
  # encrypt
  tmp <- tempfile()
  cat("example test", file = tmp)
  (etext <- encrypt(tmp, k))
  
  # decrypt
  (dtext <- decrypt(etext, k, encode = FALSE))
  if (require("base64enc")) {
    rawToChar(base64enc::base64decode(dtext))
  }
  
  # cleanup
  delete_kms_key(k)

## End(Not run)
[Package aws.kms version 0.1.4 Index]