Re: GPG signing

As it's not well documented yet (sorry) I'm following up to add signing is
done with `crypto_sign()` and `crypto_sign_open()`

https://github.com/michelp/pgsodium/blob/master/test.sql#L73

On Wed, May 27, 2020 at 2:42 PM Michel Pelletier <pelletier(dot)michel(at)gmail(dot)com>
wrote:

> Hi Marc,
>
> You can sign content with pgsodium:
>
> https://github.com/michelp/pgsodium
>
> On Tue, May 26, 2020 at 12:21 PM Marc Munro <marc(at)bloodnok(dot)com> wrote:
>
>> On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote:
>> > On 5/26/20 12:01 PM, Marc Munro wrote:
>> > > I need to be able to cryptographically sign objects in my database
>> > > using a public key scheme.
>> > > [ . . . ]
>> > > Any other options? Am I missing something?
>> >
>> > https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7
>>
>> I looked at that but I must be missing something. In order to usefully
>> sign something, the private, secret, key must be used to encrypt a
>> disgest of the thing being signed (something of a simplification, but
>> that's the gist). This can then be verified, by anyone, using the
>> public key.
>>
>> But the pgcrypto functions, for good reasons, do not allow the private
>> (secret) key to be used in this way. Encryption and signing algorithms
>> are necessarily different as the secret key must be protected; and we
>> don't want signatures to be huge, and it seems that pgcrypto has not
>> implemented signing algorithms.
>>
>> What am I missing?
>>
>> __
>> Marc
>>
>>
>>