Re: [R] encrypted RData file?

From: Duncan Temple Lang <duncan_at_wald.ucdavis.edu>
Date: Fri 28 Oct 2005 - 08:09:56 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Na Li wrote:
> On 27 Oct 2005, Duncan Temple Lang wrote:
>
>

>>Yes, it is of interest and was sitting on my todo list at
>>some time.  If you want to go ahead and provide code to do it,
>>that would be terrific.  There are other areas where encryption
>>would be good to have, so a general mechanism would be nice.
>>
>>D.
>>
>>Na Li wrote:
>>
>>>Hi, I wonder if there is interest/intention to allow for encrypted .RData
>>>files?  One can certainly do that outside R manually but that will leave a
>>>decrypted RData file somewhere which one has to remember to delete.
>>>

>
>
> I was hoping someone has already done it. ;-(

Me too.

>
> One possibility is to implement an interface package to gpgme library which
> itself is an interface to GnuPG.
>
> But I'm not sure how the input of passphrase can be handled without using
> clear text.
>

For the Unix-like operating systems, a simple thing that we can use is to call gpg as a system program. When we save a file, we can put it in R's temporary directory which is readable only by the owner of the R process. Then we call gpg to encrypt it and put the resulting file in the appropriate directory.
Similarly, when loading, we can decrypt into this "secure" area, load the file in the usual way and throw away the decrypted version.

This is definitely the poor man's version and one that I don't like as it uses the file system. But it will get us around the import/export   restrictions that Luke Tierney immediately raise with no problems. It is also the mechanism the gpg package in emacs uses (except they just use the current directory, regardless of whether it is readable by anyone else). And I have just written a very simple prototype that does this for R.

Interfacing to a library is the way to go, and I might get to that soon, but it requires that we do it in a way that does not put any encryption code into the R source. I can see 2 options off hand, but some more thought is necessary.

And if anyone wants to volunteer to write this, that would be much better than me doing it for a variety of different reasons.

> Michael
>
> ______________________________________________
> R-help@stat.math.ethz.ch mailing list
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide! http://www.R-project.org/posting-guide.html

iD8DBQFDYVA09p/Jzwa2QP4RAoYHAJ4i4Nnd/XtNx2O+zrjxF1nxwYJ4egCfQV4Q p1CaXFo1fiThNax7Afg9uco=
=j3Hw
-----END PGP SIGNATURE-----



R-help@stat.math.ethz.ch mailing list
https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide! http://www.R-project.org/posting-guide.html Received on Fri Oct 28 09:00:38 2005

This archive was generated by hypermail 2.1.8 : Fri 28 Oct 2005 - 12:14:21 EST