Toolkit for Encryption, Signatures and Certificates Based on OpenSSL

Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers. Supports RSA, DSA and EC curves P-256, P-384 and P-521. Cryptographic signatures can either be created and verified manually or via x509 certificates. AES can be used in cbc, ctr or gcm mode for symmetric encryption; RSA for asymmetric (public key) encryption or EC for Diffie Hellman. High-level envelope functions combine RSA and AES for encrypting arbitrary sized data. Other utilities include key generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a secure random number generator, and 'bignum' math methods for manually performing crypto calculations on large multibyte integers.



  • Fix double free crash with libssl 1.1.1b


  • Hotfix release for crash in ecdsa_write()


  • askpass() has been moved into its own package and gains native programs for MacOS and Windows.
  • Added ecdsa_parse() and ecdsa_write() to support JWT signatures (jose pkg)


  • MacOS and Windows binaries now ship with libssl 1.1.1 (TLS 1.3 support)
  • Windows (breaking): my_key() and my_pubkey() now interpret ~/ as windows home dir instead of documents dir, for compatibility with other software.
  • my_pubkey() no longer uses USER_PUBKEY but instead USER_KEY + ".pub"
  • Use the OpenSSL 1.1 API in LibreSSL 2.7
  • Suppress echo in askpass if stdin is a tty


  • Improve system error messages in download_ssl_cert()
  • Fix unit test (password error message) for libcrypto 1.1.1



  • Add the 'name' field to read_p12() output
  • Add write_pkcs1() for legacy OpenSSH keys
  • Fix unit tests using (Google changed crt files to DER)


  • Workaround failing test on Mavericks due to IPv6 firewall issue


  • Fix build on OSX Mavericks


  • Configure script checks SHLIB_VERSION_NUMBER to find matching lib
  • Added internal stopifnot() replacement to give more helpful error mesasges
  • Add live SSL unit tests from
  • Fix for OpenBSD/FreeBSD (#41)
  • Added as.integer.bignum() method
  • Update maintainer email address
  • Add symbol registration call in R_init_openssl
  • Reject empty digests when signing (#44)
  • Use OPENSSL_free to free OpenSSL's allocations (#44)
  • Cleanups for ec_keygen() (#44)
  • Windows: update OpenSSL to 1.1.0f


  • Add read_p7b() and write_p7b() for certificate bundles
  • Rename read_pkcs12 / write_pkcs12 to read_p12 / write_p12
  • More unit test for rountripping certs
  • Workaround for PEM files with "RSA PUBLIC KEY" instead of "PUBLIC KEY" header
  • Fix example in bignum vignette for OpenSSL 1.1.0 (increase RSA key size)
  • Sync bundled cacert.pem with Mozilla as of: Wed Sep 14 03:12:05 2016
  • Added blake2b and blake2s hash functions (only available in libssl 1.1)
  • Fix support for LibreSSL
  • Windows: update libssl/libcrypto to 1.1.0c


  • Support for new API in OpenSSL 1.1.0
  • Remove 'pseudo_rand_bytes()' (deprecated in libssl)
  • Work around missing EVP_CIPH_GCM_MODE in OpenSSL 1.0.0
  • Add read_pkcs12() and write_pkcs12() functions
  • Add read_pem() for debugging PEM files
  • Add base methods [, [[, $, names, .DollarNames for keys and certificates
  • Update libssl on Windows to 1.0.2h
  • Add #define _POSIX_C_SOURCE in ssl.c to ensure getaddrinfo() is available
  • Add as.character.hash method for raw hashes
  • Clear error buffer when raising an error


  • Fix ec_keygen() for old versions of OpenSSL
  • Added aes_ctr() and aes_gcm() modes
  • Added aes_keygen()
  • Added bignum_mod_inv()
  • Internal tools for JWT/JWK support (see pkg: jose)


  • Added ec_dh() function for ECDH
  • Added --atleast-version=1.0 to pkg-config in configure script
  • Switch as.list(cert) to RFC2253 format for 'subject' and 'issuer' fields


  • Disable EC stuff for OPENSSL_NO_EC (needed on some Solaris / Gentoo)
  • Added openssl_config() function to test if libssl is built with EC support
  • Make configure script bourne compatible (remove bash shebang)
  • Tweak for OpenBSD in ssl.c
  • Added sha224, sha384 and sha2 functions
  • Export the fingerprint function


  • Fix for getaddrinfo() in Solaris
  • Use the configurable askpass() for password prompt


  • Switched download_ssl_cert to getaddrinfo() api for ipv6 support
  • Fix for example for naming conflict with new digest package


  • Configure script now checks for OpenSSL minimum version 1.0.0


  • Breaking change: hash functions now use hmac 'key' instead of a 'salt'
  • The my_key() and my_pubkey() functions now work as documented
  • as.list(cert) add alt_names field for https certs with multiple domains
  • added export_pem for certificates


  • Added --force-bottle to autobrew installer
  • Use nonblocking socket in ssl to set connection timeout
  • Fix UBSAN problem in ssl.c
  • Fix ASAN problem in hash.c


  • Major overhaul, add encryption, signature, cert stuff
  • Upgrade libssl and libcrypto on windows to 1.0.2d


  • Added base64 functions

Reference manual

It appears you don't have a PDF plugin for this browser. You can click here to download the reference manual.


1.3 by Jeroen Ooms, 2 months ago

Report a bug at

Browse source code at

Authors: Jeroen Ooms [aut, cre] , Oliver Keyes [ctb]

Documentation:   PDF Manual  

MIT + file LICENSE license

Imports askpass

Suggests testthat, digest, knitr, rmarkdown, jsonlite, jose

System requirements: OpenSSL >= 1.0.1

Imported by AzureAuth, AzureContainers, AzureGraph, AzureKeyVault, AzureKusto, AzureStor, ExPanDaR, RPresto, RSelenium, RTD, SensusR, aphid, base64, bcrypt, credentials, cyphr, encryptr, geonapi, geosapi, googleCloudStorageR, httr, icesSAG, ids, insect, keyring, kmer, mlflow, mongolite, mstrio, opencpu, ows4R, pinnacle.API, pkgdown, rbtc, reconstructr, rsconnect, rzeit2, scidb, secret, sparklyr, splashr, wilson.

Depended on by jose.

Suggested by base64url, dataone, rtweet, stevedore.

See at CRAN