[R] Obfuscate AES password
Jeff Newmiller
jdnewmil at dcn.davis.CA.us
Sun Apr 12 22:17:04 CEST 2015
Sigh. I still disagree that your question is on topic, but someone else may offer something more helpful than I can.
You are being rather vague about this API... and if you identified it specifically then I would probably object that it was almost certainly very specific to a single operating system while R is OS-agnostic. However, if you were to narrow your scope to a specific operating system API, then you could probably use Rcpp as a stepping stone to calling any API you want. However, you will have left the generic R interpreter behind in order to create this tool for yourself, and interfacing R to compiled code generally is on topic on the R-devel mailing list, not here.
So, some study on how to interface with compiled code seems like your best next step. Normally that is most effectively handled in a package, so you will need to learn about that as well. Then if you have specific questions that you can supply reproducible examples for then R-devel or one of the OS-specific R mailing lists would be more appropriate than this list.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<jdnewmil at dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...1k
---------------------------------------------------------------------------
Sent from my phone. Please excuse my brevity.
On April 12, 2015 10:59:02 AM PDT, Luca Cerone <luca.cerone at gmail.com> wrote:
>Hi Jeff,
>thanks, actually my question is how to do this in R, I don't think I am
>being out of topic.
>
>Other programming/scripting languages provide interfaces to the OS
>password
>keyring that allows
>users to encrypt files using the user master password, but I have no
>idea
>how to do this in R.
>
>Thanks again for your reply !
>
>On Sun, Apr 12, 2015 at 5:33 PM, Jeff Newmiller
><jdnewmil at dcn.davis.ca.us>
>wrote:
>> The topic of this list is R, not security. For the purposes of this
>mailing list the user needs to take responsibility for the password. If
>you
>want to take that responsibility (cache it) from the user then you need
>to
>talk to experts on security so you can become one yourself.
>>
>> IMHO obfuscating a password is worse than leaving it plain, because
>that
>would be misleading the user about how securely the password is being
>managed.
>>
>---------------------------------------------------------------------------
>> Jeff Newmiller The ..... ..... Go Live...
>> DCN:<jdnewmil at dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
>> Live: OO#.. Dead: OO#.. Playing
>> Research Engineer (Solar/Batteries O.O#. #.O#. with
>> /Software/Embedded Controllers) .OO#. .OO#. rocks...1k
>>
>---------------------------------------------------------------------------
>> Sent from my phone. Please excuse my brevity.
>>
>> On April 12, 2015 8:11:46 AM PDT, Luca Cerone <luca.cerone at gmail.com>
>wrote:
>>>Hi, I need some help with obfuscating AES key on Windows, Linux and
>>>Mac.
>>>I have asked the same question on stackoverflow, but since I didn't
>>>receive any input
>>>I have decided to post it here too. You can find my question at:
>>>http://stackoverflow.com/questions/29580742/protect-aes-key-used-in-r-code
>>>
>>>The package I am writing interfaces R to various services we have
>>>available in my company and some of these require to receive username
>>>and password.
>>>
>>>I ask the credentials to the users during the installation, and save
>>>them
>>>in an encrypted using AES from the digest package and writeBin.
>>>
>>>This way users don't need to hardcode their credentials and we can
>>>share the
>>>code without issues.
>>>
>>>The problem is that the AES key is saved as plain text on the
>machine,
>>>so that an intruder has access to the machine he can easily decrypt
>the
>>>users
>>>profile and get their credentials.
>>>
>>>What is the best way to protect the key, so that even if somebody
>gets
>>>the encrypted file he can't decrypt it easily?
>>>
>>>Thanks a lot in advance for the help,
>>>Cheers.
>>>Luca
>>>
>>>______________________________________________
>>>R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
>>>https://stat.ethz.ch/mailman/listinfo/r-help
>>>PLEASE do read the posting guide
>>>http://www.R-project.org/posting-guide.html
>>>and provide commented, minimal, self-contained, reproducible code.
>>
More information about the R-help
mailing list