RSA {PKI} | R Documentation |
PKI.load.key
loads an RSA key in PKCS#1/8 PEM or DER format.
PKI.save.key
creates a PEM or DER representation of a RSA key.
PKI.genRSAkey
generates RSA public/private key pair.
PKI.mkRSApubkey
creates a RSA public key with the supplied
modulus and exponent.
PKI.load.OpenSSH.pubkey
loads public key in OpenSSH format
(as used in .ssh/authorized_keys
file)
PKI.load.key(what, format = c("PEM", "DER"), private, file, password="")
PKI.save.key(key, format = c("PEM", "DER"), private, target)
PKI.genRSAkey(bits = 2048L)
PKI.mkRSApubkey(modulus, exponent=65537L, format = c("DER", "PEM", "key"))
PKI.load.OpenSSH.pubkey(what, first=TRUE, format = c("DER", "PEM", "key"))
what |
string, raw vector or connection to load the key from |
key |
RSA key object |
format |
format - PEM is ASCII (essentially base64-encoded DER with header/footer), DER is binary and key means an acutal key object |
private |
logical, whether to use the private key ( |
file |
filename to load the key from - |
password |
string, used only if |
target |
optional connection or a file name to store the result in. If missing, the result is just returned form the function as either a character vector (PEM) or a raw vector (DER). |
bits |
size of the generated key in bits. Must be |
modulus |
modulus either as a raw vector (see
|
exponent |
exponent either as a raw vector (see
|
first |
logical, if |
PKI.load.key
: private or public key object
PKI.save.key
: raw vector (DER format) or character vector (PEM
format).
PKI.genRSAkey
: private + public key object
PKI.mkRSApubkey
, PKI.load.OpenSSH.pubkey
: raw vector
(DER format) or character vector (PEM format) or a "public.key"
object.
The output format for private keys in PEM is PKCS#1, but for public keys it is X.509 SubjectPublicKeyInfo (certificate public key). This is consistent with OpenSSL RSA command line tool which uses the same convention.
PKI.load.key
can auto-detect the contained format based on
the header if 'PEM' format is used. In that case it supports PKCS#1
(naked RSA key), PKCS#8 (wrapped key with identifier - for public
keys X.509 SubjectPublicKeyInfo) and encrypted private key in
PKCS#8 (password must be passed to decrypt). 'DER' format provides no
way to define the type so 'private' cannot be 'NA' and only the
default format (PKCS#1 for private keys and X.509
SubjectPublicKeyInfo for public keys) is supported.
The OpenSSH format is one line beginning with "ssh-rsa "
.
SSH2 PEM public keys (rfc4716) are supported in PKI.load.key
and the binary payload is the same as the OpenSSH, only with
different wrapping.
Simon Urbanek
PKI.encrypt
, PKI.decrypt
, PKI.pubkey
# generate 2048-bit RSA key
key <- PKI.genRSAkey(bits = 2048L)
# extract private and public parts as PEM
priv.pem <- PKI.save.key(key)
pub.pem <- PKI.save.key(key, private=FALSE)
# load back the public key separately
pub.k <- PKI.load.key(pub.pem)
# encrypt with the public key
x <- PKI.encrypt(charToRaw("Hello, world!"), pub.k)
# decrypt with private key
rawToChar(PKI.decrypt(x, key))
# compute SHA1 hash (fingerprint) of the public key
PKI.digest(PKI.save.key(key, "DER", private=FALSE))
# convert OpenSSH public key to PEM format
# (the example is split into multiple lines just
# so it is readable in the documentation, in reality you can
# simply use the full line from is_rsa.pub without gsub)
PKI.load.OpenSSH.pubkey(gsub("\n","",
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuvOXqfZ3pJeWeqyQOIXZwmg
M1RBqPUmVx3XgntpA+YtOZjKfuoJSpg3LhBuI/wXx8L2QZXNFibvX4qX2qoYsb
Hvkz2uonA3F7HRhCR/BJURR5nT135znVqALZo328v86HDsVWYR2/JzY1X8GI2R
2iKUMGXF0hVuRphdwLB735CU= foo@mycomputer"), format="PEM")