Obfuscate AES password
Sigh. I still disagree that your question is on topic, but someone else may offer something more helpful than I can.
You are being rather vague about this API... and if you identified it specifically then I would probably object that it was almost certainly very specific to a single operating system while R is OS-agnostic. However, if you were to narrow your scope to a specific operating system API, then you could probably use Rcpp as a stepping stone to calling any API you want. However, you will have left the generic R interpreter behind in order to create this tool for yourself, and interfacing R to compiled code generally is on topic on the R-devel mailing list, not here.
So, some study on how to interface with compiled code seems like your best next step. Normally that is most effectively handled in a package, so you will need to learn about that as well. Then if you have specific questions that you can supply reproducible examples for then R-devel or one of the OS-specific R mailing lists would be more appropriate than this list.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<jdnewmil at dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...1k
---------------------------------------------------------------------------
Sent from my phone. Please excuse my brevity.
On April 12, 2015 10:59:02 AM PDT, Luca Cerone <luca.cerone at gmail.com> wrote:
Hi Jeff, thanks, actually my question is how to do this in R, I don't think I am being out of topic. Other programming/scripting languages provide interfaces to the OS password keyring that allows users to encrypt files using the user master password, but I have no idea how to do this in R. Thanks again for your reply ! On Sun, Apr 12, 2015 at 5:33 PM, Jeff Newmiller <jdnewmil at dcn.davis.ca.us> wrote:
The topic of this list is R, not security. For the purposes of this
mailing list the user needs to take responsibility for the password. If you want to take that responsibility (cache it) from the user then you need to talk to experts on security so you can become one yourself.
IMHO obfuscating a password is worse than leaving it plain, because
that would be misleading the user about how securely the password is being managed.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live... DCN:<jdnewmil at dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...1k
---------------------------------------------------------------------------
Sent from my phone. Please excuse my brevity. On April 12, 2015 8:11:46 AM PDT, Luca Cerone <luca.cerone at gmail.com>
wrote:
Hi, I need some help with obfuscating AES key on Windows, Linux and Mac. I have asked the same question on stackoverflow, but since I didn't receive any input I have decided to post it here too. You can find my question at: http://stackoverflow.com/questions/29580742/protect-aes-key-used-in-r-code The package I am writing interfaces R to various services we have available in my company and some of these require to receive username and password. I ask the credentials to the users during the installation, and save them in an encrypted using AES from the digest package and writeBin. This way users don't need to hardcode their credentials and we can share the code without issues. The problem is that the AES key is saved as plain text on the
machine,
so that an intruder has access to the machine he can easily decrypt
the
users profile and get their credentials. What is the best way to protect the key, so that even if somebody
gets
the encrypted file he can't decrypt it easily? Thanks a lot in advance for the help, Cheers. Luca
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.