Re: pgcrypto: PGP signatures

From: Joel Jacobson <joel(at)trustly(dot)com>
To: Marko Tiikkaja <marko(at)joh(dot)to>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Thomas Munro <munro(at)ip9(dot)org>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto: PGP signatures
Date: 2014-09-04 16:16:11
Message-ID: CAASwCXfoUFKp8+BwgnXkPTa-9ev1jgbHyNMzmqbinAX3u8is3w@mail.gmail.com
Lists: pgsql-hackers

Marko, et al,

This is a review of the pgcrypto PGP signatures patch:
http://www.postgresql.org/message-id/53EDBCF0.9070205@joh.to

There hasn't been any discussion, at least that I've been able to find.

Contents & Purpose
==================
This patch adds functions to create, verify and extract information
from OpenPGP signatures. Previously pgcrypto only performed
PGP encrypt/decrypt, not sign/verify. This is a painful limitation
since a very common use-case for OpenPGP is the signature-part,
where two parties want to verify messages originate from each other,
and not only encrypt the messages.

Included in the patch are updated regression test cases and documentation.

Initial Run
===========
The patch applies cleanly to HEAD after changing a single line in the patch:
< ! Giving this function a secret key will produce an error.
---
> ! Giving this function a secret key will produce a error.
This grammar fix was already fixed in 05258761bf12a64befc9caec1947b254cdeb74c5,
and therefore caused the conflict.

The 144 regression tests all pass successfully against the new patch.

Conclusion
==========
Since I'm using these functions in the BankAPI project,
https://github.com/trustly/bankapi, I have tested them
by actually using them in production, in addition to the provided
regression tests, which is a good sign they are working not just
in theory.

+1 for committer review after the changes suggested by Jeff Janes and
Thomas Munro.

On Fri, Aug 15, 2014 at 9:55 AM, Marko Tiikkaja <marko(at)joh(dot)to> wrote:
> Hi,
>
>
> On 8/7/14 12:15 PM, I wrote:
>>
>> Here's v2 of the patch. I've changed the info-extracting code to not
>> look for signatures beyond the data, which also meant that it had to
>> parse one-pass signatures (which it didn't do before). This matches the
>> behaviour of the main decryption code.
>
>
> Here's the latest version where I've added the option to extract the
> creation time from the signatures.
>
>
>
> .marko
>
>
