An envelope contains ciphertext along with an encrypted session key and optionally an initialization vector. encrypt_envelope() generates a random IV and session key, which are used to encrypt the data with AES (see aes_cbc()). AES is a block cipher, used here in CBC mode, not a stream cipher. The session key itself is encrypted using the given RSA public key (see rsa_encrypt()) and stored or sent along with the encrypted data. All three outputs (iv, session and data) are required to decrypt the data with the corresponding private key.

Note that the envelope provides confidentiality only: there is no MAC or authentication tag over the ciphertext, so anyone can modify it in transit without the recipient noticing. If integrity or sender authenticity matters, sign the envelope separately (see signature_create()) and verify that signature before calling decrypt_envelope().
data: raw vector or file path of the message to encrypt (for encrypt_envelope()), or the ciphertext returned by encrypt_envelope() (for decrypt_envelope()).
pubkey: public key or file path. See read_pubkey().
iv: 16 byte raw vector returned by encrypt_envelope().
session: raw vector with the encrypted session key as returned by encrypt_envelope().
key: private key or file path. See read_key().
password: string or a function to read protected keys. See read_key().
https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope
library(openssl)

# Requires an RSA key pair; the recipient keeps `key`, the sender only needs `pubkey`
key <- rsa_keygen()
pubkey <- key$pubkey
msg <- serialize(iris, NULL)
# Encrypt: returns the IV, the RSA-encrypted session key and the AES ciphertext
out <- encrypt_envelope(msg, pubkey)
str(out)
#> List of 3
#> $ iv : raw [1:16] 4f 2e 69 d2 ...
#> $ session: raw [1:256] 6f 05 56 25 ...
#> $ data : raw [1:5808] b3 c1 d3 3f ...
# Decrypt: all three parts plus the private key are needed
orig <- decrypt_envelope(out$data, out$iv, out$session, key)
stopifnot(identical(msg, orig))
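The following is an added example, not code from the openssl package's own documentation. It carries the basic usage above one step further: the recipient's private key is stored passphrase-protected on disk (exercising the key and password arguments of decrypt_envelope()), and the sender signs the whole envelope so that the recipient rejects a tampered ciphertext before attempting decryption. The two-party setup (sender and recipient key pairs), the passphrase and the open_envelope() helper are constructed for illustration; signature_create(), signature_verify(), write_pem() and sha256 are existing openssl package functions.

```r
library(openssl)

# Constructed two-party setup: `sender` signs, `recipient` decrypts.
sender    <- rsa_keygen(2048)
recipient <- rsa_keygen(2048)

# The recipient keeps the private key encrypted on disk with a passphrase
# (example value) and hands out only the public half.
pw <- "correct horse battery staple"
keyfile <- tempfile(fileext = ".pem")
write_pem(recipient, keyfile, password = pw)
recipient_pub <- recipient$pubkey

# Sender side: seal the message, then sign the entire envelope (iv, session
# and data together). encrypt_envelope() gives confidentiality only, so the
# signature is what lets the recipient detect modification of any part.
msg    <- serialize(iris, NULL)
env    <- encrypt_envelope(msg, recipient_pub)
bundle <- serialize(env, NULL)
sig    <- signature_create(bundle, sha256, key = sender)

# Recipient side (hypothetical helper): verify before decrypting. A failed
# verification must abort; never fall through to decrypt_envelope().
open_envelope <- function(bundle, sig, sender_pub, keyfile, password) {
  ok <- tryCatch(
    signature_verify(bundle, sig, sha256, pubkey = sender_pub),
    error = function(e) FALSE
  )
  if (!isTRUE(ok)) stop("envelope signature invalid; refusing to decrypt")
  env <- unserialize(bundle)
  # `key` may be a file path; `password` unlocks the protected PEM.
  decrypt_envelope(env$data, env$iv, env$session, key = keyfile, password = password)
}

# Happy path: the original object round-trips.
orig <- open_envelope(bundle, sig, sender$pubkey, keyfile, pw)
stopifnot(identical(unserialize(orig), iris))

# Tampering: flip one bit of the ciphertext. Without the signature this would
# reach AES-CBC decryption undetected; with it, the recipient refuses.
env_bad <- env
env_bad$data[1] <- as.raw(bitwXor(as.integer(env_bad$data[1]), 1L))
bundle_bad <- serialize(env_bad, NULL)
res <- tryCatch(
  open_envelope(bundle_bad, sig, sender$pubkey, keyfile, pw),
  error = function(e) conditionMessage(e)
)
stopifnot(is.character(res))   # an error message, not decrypted data
unlink(keyfile)
```

Signing the serialized list rather than just `data` is deliberate: the IV and the encrypted session key are equally attacker-controlled inputs, and a signature over the ciphertext alone would not bind them.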