Content as provided by sship has to be extracted and decrypted in order for the recipient to gain access to the actual content. The prerequisite is that the recipient holds the private key associated with the public key used for encryption. This key pair must have been generated using the RSA cryptosystem and should use a key size of 2048 bits or more. The recipient may use tools within sship to establish the associated content, or any other tool that handles the cryptographic algorithms applied by sship.
The following conventions and assumptions are used:
[filename] is the name of the file that was encrypted prior to shipment,
[datestamp] is the date of shipment formatted as YYYYMMDD and
[timestamp] is the time of shipment formatted as HHMMSS
data.csv__20200101_081500.tar.gz will be used
Install the latest version of the sship package from the R command prompt:
and load it into the R session:
dec()-function to extract and decrypt the content:
dec(tarfile = "data.csv__20200101_081500.tar.gz", keyfile = "~/.ssh/id_rsa", target_dir = ".")
From the example above the file data.csv will be written to the current working directory. Please use
at the R prompt for more information.
Extraction and decryption of content that was encrypted and packed by sship (in R) is also perfectly possible outside R. In the above R function a few things are taken care of “under the hood”, and to aid understanding more information should be added to the above list of “conventions”:
data.csv.enc: the encrypted data of the shipment
key.enc: the encrypted key
iv: the initialization vector used for encryption and decryption
data.csv__20200101_081500.tar.gz the decrypted content will be established in the file
Below is an example of how data.csv__20200101_081500.tar.gz can be processed from a Bash shell (unix) command prompt. First, extract the archive:
Then, decrypt the key by using the private key:
Finally, decrypt the content to the file
In the above example both the
iv files are binary. When using OpenSSL for decryption these have to be provided as strings of hexadecimal digits, as can be seen from the inline hexdump conversion in the last command. Methods for conversion from binary to hex may vary between systems. It is also worth noting that AES here uses a key directly and not a (hash of some) passphrase, which is often the case elsewhere.
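The three steps above (extract, decrypt the key, decrypt the content) as one shell function. This is an added example and not code from sship or from the original page. The function names, AES-256-CBC, PKCS#1 v1.5 RSA padding and top-level archive members are assumptions the page does not state.

```bash
#!/usr/bin/env bash
# Added example, not sship's own code. Assumed (not stated on the page):
# AES-256-CBC content encryption, PKCS#1 v1.5 RSA padding for key.enc,
# archive members stored at top level, private key in PEM format.

# Print a binary file as one string of hex digits (od is POSIX, hexdump is not).
bin2hex() { od -An -v -tx1 "$1" | tr -d ' \n'; }

# sship_unpack TARFILE KEYFILE TARGET_DIR  ->  writes TARGET_DIR/[filename]
sship_unpack() {
  local tarfile="$1" keyfile="$2" target="$3" name work key_hex iv_hex rc=1
  name=$(basename "$tarfile")
  name=${name%__*}   # drop __[datestamp]_[timestamp].tar.gz
  # Refuse archives with absolute or parent-directory member paths.
  if tar -tzf "$tarfile" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $tarfile" >&2
    return 1
  fi
  work=$(mktemp -d) || return 1   # private (mode 0700) scratch directory
  # Step 1: extract. Step 2: unwrap the AES key with the RSA private key.
  if tar -xzf "$tarfile" -C "$work" &&
     openssl pkeyutl -decrypt -inkey "$keyfile" \
       -in "$work/key.enc" -out "$work/key"; then
    key_hex=$(bin2hex "$work/key")
    iv_hex=$(bin2hex "$work/iv")
    # Fail closed unless the key is 32 bytes and the IV 16 bytes.
    if [ "${#key_hex}" -eq 64 ] && [ "${#iv_hex}" -eq 32 ]; then
      # Step 3: -K passes the raw key as hex, no passphrase derivation.
      # The key is visible in the process list while openssl runs.
      openssl enc -d -aes-256-cbc -K "$key_hex" -iv "$iv_hex" \
        -in "$work/$name.enc" -out "$target/$name" && rc=0
    else
      echo "unexpected key or IV length" >&2
    fi
  fi
  rm -rf "$work"   # removes the unwrapped key from disk
  return "$rc"
}
```

A private key stored in the newer OpenSSH format (BEGIN OPENSSH PRIVATE KEY) has to be converted to PEM first, since the openssl command line does not read that format.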