From: | Michel Pelletier <pelletier(dot)michel(at)gmail(dot)com> |
---|---|
To: | Marc Munro <marc(at)bloodnok(dot)com> |
Cc: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: GPG signing |
Date: | 2020-05-27 21:50:25 |
Message-ID: | CACxu=vJEhv4XaRc1rGLJ=FxFgLRZddXThoGq_913JxQgMr8C9w@mail.gmail.com |
Lists: | pgsql-general |
As it's not well documented yet (sorry), I'm following up to add that signing is
done with `crypto_sign()` and `crypto_sign_open()`:
https://github.com/michelp/pgsodium/blob/master/test.sql#L73
On Wed, May 27, 2020 at 2:42 PM Michel Pelletier <pelletier(dot)michel(at)gmail(dot)com>
wrote:
> Hi Marc,
>
> You can sign content with pgsodium:
>
> https://github.com/michelp/pgsodium
>
> On Tue, May 26, 2020 at 12:21 PM Marc Munro <marc(at)bloodnok(dot)com> wrote:
>
>> On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote:
>> > On 5/26/20 12:01 PM, Marc Munro wrote:
>> > > I need to be able to cryptographically sign objects in my database
>> > > using a public key scheme.
>> > > [ . . . ]
>> > > Any other options? Am I missing something?
>> >
>> > https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7
>>
>> I looked at that but I must be missing something. In order to usefully
>> sign something, the private, secret, key must be used to encrypt a
>> digest of the thing being signed (something of a simplification, but
>> that's the gist). This can then be verified, by anyone, using the
>> public key.
>>
>> But the pgcrypto functions, for good reasons, do not allow the private
>> (secret) key to be used in this way. Encryption and signing algorithms
>> are necessarily different as the secret key must be protected; and we
>> don't want signatures to be huge, and it seems that pgcrypto has not
>> implemented signing algorithms.
>>
>> What am I missing?
>>
>> __
>> Marc
>>
>>
>>
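
A sign-and-verify round trip with the two functions named in this message, as an added example that is not part of the original thread or of pgsodium's own test file. It assumes the pgsodium extension is installed with its functions on the `search_path` and that `crypto_sign_new_keypair()` returns `public` and `secret` columns; the message text is a constructed sample.

```sql
-- Added example: sign with the secret key, verify with only the public key.
CREATE EXTENSION IF NOT EXISTS pgsodium;

DO $$
DECLARE
    pk     bytea;  -- public key: can be given to anyone who needs to verify
    sk     bytea;  -- secret key: needed by the signer only
    doc    bytea := convert_to('invoice 42: total 100.00', 'UTF8');  -- constructed sample
    signed bytea;
    forged bytea;
    opened bytea;
BEGIN
    SELECT public, secret INTO pk, sk FROM crypto_sign_new_keypair();

    -- Combined mode: the result is a 64-byte signature followed by the message.
    signed := crypto_sign(doc, sk);
    ASSERT length(signed) = 64 + length(doc), 'unexpected signed length';

    -- Verification needs the public key only and returns the original message.
    ASSERT crypto_sign_open(signed, pk) = doc, 'valid signature must open';

    -- Flip one bit in the last message byte to simulate tampering.
    forged := set_byte(signed, length(signed) - 1,
                       get_byte(signed, length(signed) - 1) # 1);

    -- Assumption: pgsodium raises an error on a bad signature. The handler
    -- treats an error as rejection, so a NULL result is also counted as one.
    opened := NULL;
    BEGIN
        opened := crypto_sign_open(forged, pk);
    EXCEPTION WHEN OTHERS THEN
        opened := NULL;
    END;
    ASSERT opened IS NULL, 'tampered message must not verify';

    RAISE NOTICE 'signature verified; tampered copy rejected';
END
$$;
```

The key pair here lives only inside the block; in a real schema the secret key would be kept where verifying roles cannot read it, while the public key can be stored next to the signed rows.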