rpki is a wrapper package that PKI-enables the httr package and the built-in download.file() method. Conceptually, rpki is similar to the Python pypki2 and ipydeps packages, and is intended to use the same mypki configuration file.
- Download rpki from the git repository and unzip the folder. Rename the folder to
rpkiif necessary. - Open a terminal and go to the directory where the
rpkifolder was downloaded. - Run the command
R CMD INSTALL rpki
- R (>= 3.3.0)
- curl - should be installed and executable from the command line (i.e. on the PATH)
- openssl - should be installed and exucutable from the command line (i.e. on the PATH)
At minimum, you must provide a pkcs#12 file (and password) and Certificate Authority bundle
library(rpki)
pki_enable_httr(pki_file = '/path/to/my/pki_file.p12', ca_file = 'path/to/my/ca_bundle.crt')
resp <- GET('https://your.pki.enabled.website/path/to/whatever')Alternatively, the pki file and CA bundle can be defined in a configuration file (see below) and placed in your home directory at ~/.mypki for reuse. You only need to provide the pki password once per R session.
library(rpki)
pki_enable_httr()
resp <- GET('https://your.pki.enabled.website/path/to/whatever')rpki can run in interactive or non-interactive R sessions. The major difference is the pki passphrase must be passed in plain text for non-interactive sessions (see examples below). All examples below assume a mypki configuration file has been created (see section on .mypki configuration file).
library(rpki)
pki_enable_httr() # will prompt for pki passphrase if necessary
GET('https://your.pki.enabled.website/path/to/whatever')rpki can run in non-interactive sessions when the pki passphrase is explicitly provided.
library(rpki)
pki_enable_httr(password = 'my_pki_passphrase') # will not prompt for pki passphrase
GET('https://your.pki.enabled.website/path/to/whatever')library(rpki)
pki_enable_download_file() # will prompt for passphrase
install.packages('my_private_package')library(rpki)
pki_enable_download_file(password = 'my_pki_passphrase')
install.packages('my_private_package')Configuration options can be explicitly defined in order to override default settings (interactive or non-interactive mode).
library(rpki)
pki_enable_httr(ca_file = '/path/to/certificate_authority.crt',
pki_file = '/path/to/my/pki.p12',
override = TRUE)
GET('https://your.pki.enabled.website/path/to/whatever')
pki_enable_download_file() # will not prompt for password again
install.packages('my_private_package')library(rpki)
pki_enable_httr(ca_file = '/path/to/certificate_authority.crt',
pki_file = '/path/to/my/pki.p12',
password = 'my_pki_passphrase',
override = TRUE)
GET('https://your.pki.enabled.website/path/to/whatever')
pki_enable_download_file() # will not prompt for password again
install.packages('my_private_package')By default rpki expects a .mypki configuration file to be located in the user's home directory at ~/.mypki. If the configuration file is invalid or corrupt, the user will be prompted for file paths to a certificate authority bundle and a PKI file. rpki will only prompt the user for a pki passphrase once per R session.
To pki-enable the httr package, rpki modifies the following httr config settings
- cainfo
- sslcert
- sslkey
- keypasswd
To pki-enable the download.file() method, the download method is set to "curl" and the following extra curl command line arguments are set
- cacert
- cert
- key
- pass
By modifying download.file(), the standard install.packages() function can be used to install packages over secure connections (https).
A .mypki configuration file is in json format and defines the absolute file paths to a Certificate Authority (CA) bundle and a pkcs#12 digital certificate.
{
"ca": "/path/to/certificate_authority_bundle.crt",
"p12": {
"path": "/path/to/pki_digital_certificate.p12"
}
}