All hash functions either calculate a hash-digest for key == NULL or HMAC (hashed message authentication code) when key is not NULL. Supported inputs are binary (raw vector), strings (character vector) or a connection object.
An envelope contains ciphertext along with an encrypted session key and optionally an initialization vector. The encrypt_envelope function generates a random IV and a random session key, and the session key is used to encrypt the data with AES. The session key itself is encrypted using the given RSA key (see rsa_encrypt) and stored or sent along with the encrypted data. Each of these outputs is required to decrypt the data with the corresponding private key.
The keygen functions generate a random private key. Use as.list(key)$pubkey to derive the corresponding public key. Use write_pem to save a private key to a file, optionally with a password.
The read_key function (private keys) and read_pubkey (public keys) support both SSH pubkey format and OpenSSL PEM format (base64 data with a -----BEGIN and -----END header), and automatically convert where necessary. The functions assume a single key per file, except for read_cert_bundle, which supports PEM files with multiple certificates.
Asymmetric encryption and decryption with RSA. Because RSA can only encrypt messages smaller than the size of the key, it is typically used only for exchanging a random session key. This session key is used to encipher arbitrary-sized data via a symmetric cipher such as aes_cbc. See encrypt_envelope for a high-level wrapper combining RSA and AES in this way.
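The following R session is an added example, not taken from the package documentation. It walks through the key handling and envelope flow described above: generate a key, derive the public key, store the private key under a password, see direct RSA reject a message larger than the key, then round-trip the same message through an envelope. The sample message, the passphrase and the temporary file are constructed for illustration.

```r
library(openssl)

# Constructed sample data: about 1 KB, larger than a 2048-bit RSA key.
msg <- charToRaw(strrep("constructed sample record; ", 40))

# Recipient side: generate a private key and derive its public key.
key    <- rsa_keygen(2048)
pubkey <- as.list(key)$pubkey

# Save the private key to a password-protected PEM file and read it back.
pem_path <- tempfile(fileext = ".pem")
write_pem(key, pem_path, password = "example-passphrase")  # placeholder value
key_from_disk <- read_key(pem_path, password = "example-passphrase")

# Direct RSA only works for messages smaller than the key:
# a 32-byte session key fits, the 1 KB message does not.
wrapped <- rsa_encrypt(rand_bytes(32), pubkey)
cat("RSA-wrapped 32-byte key:", length(wrapped), "bytes\n")
too_big <- tryCatch(rsa_encrypt(msg, pubkey),
                    error = function(e) conditionMessage(e))
cat("RSA on", length(msg), "bytes:",
    if (is.character(too_big)) "rejected" else "accepted", "\n")

# Sender side: the envelope encrypts the data with AES under a random
# session key and IV, and encrypts the session key with the public key.
env <- encrypt_envelope(msg, pubkey)
str(env)  # list with $iv, $session and $data

# Recipient side: all three outputs plus the private key are needed.
plain <- decrypt_envelope(env$data, env$iv, env$session, key = key_from_disk)
stopifnot(identical(plain, msg))

# A different private key cannot unwrap the session key.
other_key <- rsa_keygen(2048)
wrong <- tryCatch(decrypt_envelope(env$data, env$iv, env$session, key = other_key),
                  error = function(e) NULL)
stopifnot(!identical(wrong, msg))

unlink(pem_path)
```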
openssl
(Package: openssl) :
Toolkit for Encryption, Signatures and Certificates based on OpenSSL
Bindings to OpenSSL libssl and libcrypto, plus custom SSH pubkey parsers. Supports RSA, DSA and NIST curves P-256, P-384 and P-521. Cryptographic signatures can either be created and verified manually or via x509 certificates. The AES block cipher is used in CBC mode for symmetric encryption; RSA for asymmetric (public key) encryption. High-level envelope methods combine RSA and AES for encrypting arbitrary sized data. Other utilities include key generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a secure random number generator, and bignum math methods for manually performing crypto calculations on large multibyte integers.