r-lib / keyring

:closed_lock_with_key: Access the system credential store from R
https://keyring.r-lib.org/

What encryption algorithm does keyring package use? #91

Closed sendakil closed 3 years ago

sendakil commented 3 years ago

Trying to understand how keyring encrypts/decrypts keys and what sort of algorithm it uses. Is that different among operating systems? And I would like to know whether the keyring package allows using a new encryption algorithm.

gaborcsardi commented 3 years ago

Yes, it is different, and it uses whatever the OS credential store uses.

The encrypted file backend uses libsodium through the sodium R package, which uses the crypto_secretbox_easy() API: https://libsodium.gitbook.io/doc/secret-key_cryptography/secretbox#algorithm-details

You cannot easily use a new encryption algorithm for the OS level credential stores. But you can implement a new backend, that is similar to the current encrypted file backend, and your new backend can use any algorithm you like. (Hopefully you can do this without modifying the keyring package, if not, then we can fix that.)
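The following is an added example, not part of the thread or of keyring's code: it exercises the sodium R package's `data_encrypt()`/`data_decrypt()` secretbox wrappers to show the key, nonce and tag sizes and that tampered ciphertext is rejected. The key here is random and the secret is a constructed sample; how keyring derives its key from the keyring password is not shown.

```r
library(sodium)

# Constructed sample inputs (not keyring's own key handling).
key    <- keygen()      # 32 random bytes
nonce  <- random(24)    # secretbox nonce: 24 bytes, must not repeat under one key
secret <- charToRaw("constructed-sample-password")

# data_encrypt() is sodium's secret-key authenticated encryption
# (secretbox: XSalsa20 stream cipher with a Poly1305 authentication tag).
ct <- data_encrypt(secret, key, nonce)

stopifnot(length(key) == 32, length(nonce) == 24)
# Ciphertext is the plaintext length plus a 16-byte Poly1305 tag.
stopifnot(length(ct) == length(secret) + 16)

# Round trip with the same key and nonce recovers the secret.
pt <- data_decrypt(ct, key, nonce)
stopifnot(identical(rawToChar(pt), rawToChar(secret)))

# Flip one bit of the ciphertext: authentication fails, nothing is returned.
tampered <- ct
tampered[1] <- as.raw(bitwXor(as.integer(tampered[1]), 1L))
res <- tryCatch(data_decrypt(tampered, key, nonce),
                error = function(e) "rejected")
stopifnot(identical(res, "rejected"))

# A different key is rejected the same way.
res2 <- tryCatch(data_decrypt(ct, keygen(), nonce),
                 error = function(e) "rejected")
stopifnot(identical(res2, "rejected"))
```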

sendakil commented 3 years ago

Hi, thanks a lot! I think this info will help a lot. However, we have to use some standard algorithm for managing the credentials. But is there any way to check what sort of algorithm the OS credential store uses, especially in Linux and Windows?

gaborcsardi commented 3 years ago

On Linux, you can use various backends. The secret service backend uses the libsecret library available on the machine, so you can see its documentation. Or you can use the encrypted file backend, see above.

On Windows, you'll need to see if Microsoft has documented the details of the encryption of the credential store, on the various versions of Windows. keyring uses these functions: https://docs.microsoft.com/en-us/windows/win32/api/wincred/ here: https://github.com/r-lib/keyring/blob/master/src/keyring_wincred.c

sendakil commented 3 years ago

Great, thanks. I want to have some more clarity on the encrypted backend file. Is this feature different between libsodium and the keyring package? If not, can we just use the keyring package?

gaborcsardi commented 3 years ago

I am not sure what you mean, sorry.

sendakil commented 3 years ago

Which package (either keyring or sodium) should we use for the encrypted file backend?

gaborcsardi commented 3 years ago

You use keyring, which uses sodium internally, which uses libsodium.

sendakil commented 3 years ago

Thanks.