encryptedRmd icon indicating copy to clipboard operation
encryptedRmd copied to clipboard

Published 20 hours ago • verified publisher icon dirkschumacher

Security audit

Open dirkschumacher opened this issue 4 years ago • 1 comments

It would be great if another pair of eyes could look at the security of the package. In particular the encryption.

Relevant lines are here (only 3: key, nonce and encrypt): https://github.com/dirkschumacher/encryptedRmd/blob/8365a7d9e2f9c827a2ecfae97ccc7a53c52fbb59/R/encrypted_html_document.R#L13-L22

For decryption, the JS code is in devel. However IMHO encryption is the most critical part. The JS code is only used for decryption purposes.

dirkschumacher avatar Jan 05 '20 16:01 dirkschumacher

Maybe messaging the key by default might not be the most secure thing.

dirkschumacher avatar Jan 05 '20 16:01 dirkschumacher