Re: GPG signing

From: Michel Pelletier <pelletier(dot)michel(at)gmail(dot)com>
To: Marc Munro <marc(at)bloodnok(dot)com>
Cc: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: GPG signing
Date: 2020-05-27 21:42:35
Message-ID: CACxu=v+uEErqbeH4nwdoh=K5q-8cg4o8K19FgLatrLp2Y2KX1A@mail.gmail.com
Lists: pgsql-general

Hi Marc,

You can sign content with pgsodium:

https://github.com/michelp/pgsodium

On Tue, May 26, 2020 at 12:21 PM Marc Munro <marc(at)bloodnok(dot)com> wrote:

> On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote:
> > On 5/26/20 12:01 PM, Marc Munro wrote:
> > > I need to be able to cryptographically sign objects in my database
> > > using a public key scheme.
> > > [ . . . ]
> > > Any other options? Am I missing something?
> >
> > https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7
>
> I looked at that but I must be missing something. In order to usefully
> sign something, the private, secret, key must be used to encrypt a
> digest of the thing being signed (something of a simplification, but
> that's the gist). This can then be verified, by anyone, using the
> public key.
>
> But the pgcrypto functions, for good reasons, do not allow the private
> (secret) key to be used in this way. Encryption and signing algorithms
> are necessarily different as the secret key must be protected; and we
> don't want signatures to be huge, and it seems that pgcrypto has not
> implemented signing algorithms.
>
> What am I missing?
>
> __
> Marc
>
>
>
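The sign-with-secret-key, verify-with-public-key flow discussed in this thread, as an added example that is not part of the original message or of the pgsodium project's own code. It assumes the pgsodium extension is installed and exposes `crypto_sign_new_keypair`, `crypto_sign_detached` and `crypto_sign_verify_detached` as named in its README; the tables `signed_doc` and `demo_key` and their columns are hypothetical.

```sql
-- Added example: detached signatures over a row's content with pgsodium.
-- Table and column names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgsodium;

-- Resolve the functions whether the extension installed them into
-- public or into its own pgsodium schema.
SET search_path TO public, pgsodium;

CREATE TABLE signed_doc (
    id        serial PRIMARY KEY,
    body      text  NOT NULL,
    signature bytea NOT NULL   -- detached signature over the UTF-8 bytes of body
);

-- One keypair for the demonstration. A real deployment keeps the secret key
-- out of the database that stores the signed data; it sits in a temp table
-- here only so the example is self-contained.
CREATE TEMP TABLE demo_key AS
    SELECT kp.public AS pk, kp.secret AS sk
    FROM crypto_sign_new_keypair() AS kp;

-- Sign: only the holder of sk can produce this value.
INSERT INTO signed_doc (body, signature)
SELECT d.body,
       crypto_sign_detached(convert_to(d.body, 'utf8'), k.sk)
FROM (VALUES ('transfer 100 to account 42')) AS d(body),  -- constructed sample
     demo_key AS k;

-- Verify: needs only pk, so any reader of the table can run it.
SELECT s.id,
       crypto_sign_verify_detached(s.signature,
                                   convert_to(s.body, 'utf8'),
                                   k.pk) AS signature_valid
FROM signed_doc AS s, demo_key AS k;

-- Change the signed content without re-signing, then verify again.
-- The stored signature was computed over the old bytes, so the check
-- is what tells a reader the row was altered after signing.
UPDATE signed_doc SET body = 'transfer 900 to account 42' WHERE id = 1;

SELECT s.id,
       crypto_sign_verify_detached(s.signature,
                                   convert_to(s.body, 'utf8'),
                                   k.pk) AS signature_valid
FROM signed_doc AS s, demo_key AS k;
```

The signature covers exactly the bytes passed in, so signer and verifier must agree on the encoding and on which columns are serialized, and in what order, when more than one column is signed.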
