R: Envelope encryption

encrypt_envelope {openssl}

R Documentation

Envelope encryption

Description

An envelope contains ciphertext along with an encrypted session key and optionally and initialization vector. The encrypt_envelope() generates a random IV and session-key which is used to encrypt the data with AES() stream cipher. The session key itself is encrypted using the given RSA key (see rsa_encrypt()) and stored or sent along with the encrypted data. Each of these outputs is required to decrypt the data with the corresponding private key.

Usage

encrypt_envelope(data, pubkey = my_pubkey())

decrypt_envelope(data, iv, session, key = my_key(), password)

Arguments

`data`	raw data vector or file path for message to be signed. If `hash == NULL` then `data` must be a hash string or raw vector.
`pubkey`	public key or file path. See `read_pubkey()`.
`iv`	16 byte raw vector returned by `encrypt_envelope`.
`session`	raw vector with encrypted session key as returned by `encrypt_envelope`.
`key`	private key or file path. See `read_key()`.
`password`	string or a function to read protected keys. See `read_key()`.

References

https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope

Examples

# Requires RSA key
key <- rsa_keygen()
pubkey <- key$pubkey
msg <- serialize(iris, NULL)

# Encrypt
out <- encrypt_envelope(msg, pubkey)
str(out)

# Decrypt
orig <- decrypt_envelope(out$data, out$iv, out$session, key)
stopifnot(identical(msg, orig))

[Package openssl version 2.2.0 Index]