Toolkit for Encryption, Signatures and Certificates Based on OpenSSL

Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers. Supports RSA, DSA and EC curves P-256, P-384, P-521, and curve25519. Cryptographic signatures can either be created and verified manually or via x509 certificates. AES can be used in cbc, ctr or gcm mode for symmetric encryption; RSA for asymmetric (public key) encryption or EC for Diffie Hellman. High-level envelope functions combine RSA and AES for encrypting arbitrary sized data. Other utilities include key generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a secure random number generator, and 'bignum' math methods for manually performing crypto calculations on large multibyte integers.


News

1.2.2

  • Fix double free crash with libssl 1.1.1b

1.2.1

  • Hotfix release for crash in ecdsa_write()

1.2

  • askpass() has been moved into its own package and gains native programs for MacOS and Windows.
  • Added ecdsa_parse() and ecdsa_write() to support JWT signatures (jose pkg)

1.1

  • MacOS and Windows binaries now ship with libssl 1.1.1 (TLS 1.3 support)
  • Windows (breaking): my_key() and my_pubkey() now interpret ~/ as windows home dir instead of documents dir, for compatibility with other software.
  • my_pubkey() no longer uses USER_PUBKEY but instead USER_KEY + ".pub"
  • Use the OpenSSL 1.1 API in LibreSSL 2.7
  • Suppress echo in askpass if stdin is a tty

1.0.2

  • Improve system error messages in download_ssl_cert()
  • Fix unit test (password error message) for libcrypto 1.1.1

1.0.1

1.0

  • Add the 'name' field to read_p12() output
  • Add write_pkcs1() for legacy OpenSSH keys
  • Fix unit tests using http://pki.goog/ (Google changed crt files to DER)

0.9.9

  • Workaround failing test on Mavericks due to IPv6 firewall issue

0.9.8

  • Fix build on OSX Mavericks

0.9.7

  • Configure script checks SHLIB_VERSION_NUMBER to find matching lib
  • Added internal stopifnot() replacement to give more helpful error mesasges
  • Add live SSL unit tests from https://pki.goog
  • Fix for OpenBSD/FreeBSD (#41)
  • Added as.integer.bignum() method
  • Update maintainer email address
  • Add symbol registration call in R_init_openssl
  • Reject empty digests when signing (#44)
  • Use OPENSSL_free to free OpenSSL's allocations (#44)
  • Cleanups for ec_keygen() (#44)
  • Windows: update OpenSSL to 1.1.0f

0.9.6

  • Add read_p7b() and write_p7b() for certificate bundles
  • Rename read_pkcs12 / write_pkcs12 to read_p12 / write_p12
  • More unit test for rountripping certs
  • Workaround for PEM files with "RSA PUBLIC KEY" instead of "PUBLIC KEY" header
  • Fix example in bignum vignette for OpenSSL 1.1.0 (increase RSA key size)
  • Sync bundled cacert.pem with Mozilla as of: Wed Sep 14 03:12:05 2016
  • Added blake2b and blake2s hash functions (only available in libssl 1.1)
  • Fix support for LibreSSL
  • Windows: update libssl/libcrypto to 1.1.0c

0.9.5

  • Support for new API in OpenSSL 1.1.0
  • Remove 'pseudo_rand_bytes()' (deprecated in libssl)
  • Work around missing EVP_CIPH_GCM_MODE in OpenSSL 1.0.0
  • Add read_pkcs12() and write_pkcs12() functions
  • Add read_pem() for debugging PEM files
  • Add base methods [, [[, $, names, .DollarNames for keys and certificates
  • Update libssl on Windows to 1.0.2h
  • Add #define _POSIX_C_SOURCE in ssl.c to ensure getaddrinfo() is available
  • Add as.character.hash method for raw hashes
  • Clear error buffer when raising an error

0.9.4

  • Fix ec_keygen() for old versions of OpenSSL
  • Added aes_ctr() and aes_gcm() modes
  • Added aes_keygen()
  • Added bignum_mod_inv()
  • Internal tools for JWT/JWK support (see pkg: jose)

0.9.3

  • Added ec_dh() function for ECDH
  • Added --atleast-version=1.0 to pkg-config in configure script
  • Switch as.list(cert) to RFC2253 format for 'subject' and 'issuer' fields

0.9.2

  • Disable EC stuff for OPENSSL_NO_EC (needed on some Solaris / Gentoo)
  • Added openssl_config() function to test if libssl is built with EC support
  • Make configure script bourne compatible (remove bash shebang)
  • Tweak for OpenBSD in ssl.c
  • Added sha224, sha384 and sha2 functions
  • Export the fingerprint function

0.9.1

  • Fix for getaddrinfo() in Solaris
  • Use the configurable askpass() for password prompt

0.9

  • Switched download_ssl_cert to getaddrinfo() api for ipv6 support
  • Fix for example for naming conflict with new digest package

0.8

  • Configure script now checks for OpenSSL minimum version 1.0.0

0.7

  • Breaking change: hash functions now use hmac 'key' instead of a 'salt'
  • The my_key() and my_pubkey() functions now work as documented
  • as.list(cert) add alt_names field for https certs with multiple domains
  • added export_pem for certificates

0.6

  • Added --force-bottle to autobrew installer
  • Use nonblocking socket in ssl to set connection timeout
  • Fix UBSAN problem in ssl.c
  • Fix ASAN problem in hash.c

0.5

  • Major overhaul, add encryption, signature, cert stuff
  • Upgrade libssl and libcrypto on windows to 1.0.2d

0.4

  • Added base64 functions

Reference manual

It appears you don't have a PDF plugin for this browser. You can click here to download the reference manual.