encrypt_envelope

Envelope encryption

An envelope contains ciphertext along with an encrypted session key and optionally an initialization vector. The encrypt_envelope function generates a random IV and session key, which is used to encrypt the data with an AES stream cipher. The session key itself is encrypted using the given RSA key (see rsa_encrypt) and stored or sent along with the encrypted data. Each of these outputs is required to decrypt the data with the corresponding private key.

Usage
encrypt_envelope(data, pubkey = my_pubkey())
decrypt_envelope(data, iv, session, key = my_key(), password)
Arguments
data
raw data vector or file path for message to be signed. If hash == NULL then data must be a hash string or raw vector.
pubkey
public key or file path. See read_pubkey.
iv
16 byte raw vector returned by encrypt_envelope.
session
raw vector with encrypted session key as returned by encrypt_envelope.
key
private key or file path. See read_key.
password
string or a function to read protected keys. See read_key.
References

https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope

Aliases
  • decrypt_envelope
  • encrypt_envelope
  • envelope
Examples
library(openssl)

# Requires RSA key
key <- rsa_keygen()
pubkey <- as.list(key)$pubkey
msg <- serialize(iris, NULL)

# Encrypt
out <- encrypt_envelope(msg, pubkey)
str(out)

# Decrypt
orig <- decrypt_envelope(out$data, out$iv, out$session, key)
stopifnot(identical(msg, orig))
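
Added example, not part of the package documentation: anyone who holds the public key can produce an envelope, so the recipient learns nothing about its origin from decryption alone. The code below signs the three envelope fields with the sender's key and verifies before decrypting; the helpers seal, open_sealed and signed_bytes, the constructed key pairs and the choice of sha256 are assumptions, while signature_create and signature_verify come from the same package.

```r
library(openssl)

# Constructed key pairs for the example, one per party.
sender_key <- rsa_keygen()
recipient_key <- rsa_keygen()
sender_pub <- as.list(sender_key)$pubkey
recipient_pub <- as.list(recipient_key)$pubkey

# Bytes covered by the signature: every field needed for decryption.
signed_bytes <- function(env) c(env$iv, env$session, env$data)

# Sender side (hypothetical helper): encrypt for the recipient, then sign.
seal <- function(msg, to_pubkey, from_key) {
  env <- encrypt_envelope(msg, to_pubkey)
  env$sig <- signature_create(signed_bytes(env), hash = sha256, key = from_key)
  env
}

# Recipient side (hypothetical helper): verify first, decrypt only on success.
open_sealed <- function(env, from_pubkey, my_key) {
  ok <- signature_verify(signed_bytes(env), env$sig, hash = sha256,
                         pubkey = from_pubkey)
  stopifnot(isTRUE(ok))
  decrypt_envelope(env$data, env$iv, env$session, key = my_key)
}

msg <- serialize(iris, NULL)
env <- seal(msg, recipient_pub, sender_key)

# Keep iv, session, data and sig together: store them as one object.
path <- tempfile(fileext = ".rds")
saveRDS(env, path)
stored <- readRDS(path)
stopifnot(identical(open_sealed(stored, sender_pub, recipient_key), msg))

# A single flipped ciphertext bit is rejected before decryption runs.
tampered <- stored
tampered$data[1] <- xor(tampered$data[1], as.raw(0x01))
res <- tryCatch(open_sealed(tampered, sender_pub, recipient_key),
                error = function(e) "rejected")
stopifnot(identical(res, "rejected"))

# An envelope signed by an unexpected key is rejected as well.
other_key <- rsa_keygen()
forged <- seal(msg, recipient_pub, other_key)
res <- tryCatch(open_sealed(forged, sender_pub, recipient_key),
                error = function(e) "rejected")
stopifnot(identical(res, "rejected"))
```
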
Documentation reproduced from package openssl, version 0.9.4, License: MIT + file LICENSE
