From: | "Marko Kreen" <markokr(at)gmail(dot)com> |
---|---|
To: | "Stefan Niantschur" <sniantschur(at)web(dot)de> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: pgcrypto functions fail for asymmetric encryption/decryption |
Date: | 2007-11-30 10:06:37 |
Message-ID: | e51f66da0711300206q3393a6aend1bfce09b3cf78e@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 11/29/07, Stefan Niantschur <sniantschur(at)web(dot)de> wrote:
> I have a table with userids and public keys. I want to write a function
> which does a select and returns the result pgp encrypted.
>
> However, I have some problems:
Could you send the keys you have problems with? If actual keys
then ofcourse generate temp-keys instead.
Or at least send key parameters (gpg --list-keys output).
Also I need PostgreSQL version, if its compiled with OpenSSL,
then OpenSSL version, your OS and CPU info, just in case.
Compiler + compiler options maybe too.
> SELECT encode(decode((SELECT ens_pubkey FROM
> ens_user)::text,'escape'),'escape'::text)::text;
> -> returns the public key, => ok
>
> SELECT armor(dearmor((SELECT ens_pubkey FROM ens_user)::text));
> -> returns the key in a different format, => problem
You mean it gives fixed header? Both pgcrypto and gpg ignore
it anyway, so I did not bother guessing it. But if it really
causes problems (doubtful) it can be fixed by looking at data.
> SELECT
> armor(pgp_pub_encrypt_bytea(armor(pgp_sym_encrypt('geheim'::text,'test'::text))::bytea,dearmor((SELECT
> ens_pubkey FROM ens_user WHERE ens_userid = 10112)::text)));
> -> returns a pgp-encrypted message which cannot be decrypted by GnuPG,
> => problem
This query does not parse, but if I remove the bytea case it works.
How does GnuPG fail?
> SELECT
> pgp_pub_decrypt(dearmor(armor(pgp_pub_encrypt(armor(pgp_sym_encrypt('geheim'::text,'test'::text)),dearmor((SELECT
> ens_pubkey FROM ens_user WHERE ens_userid =
> 10112)::text)))),dearmor((SELECT ens_privkey FROM ens_user WHERE
> ens_userid = 10112)::text),'test'::text);
> -> returns 'ERROR: Corrupt data' => problem
Works for me.
> SELECT
> pgp_key_id(pgp_pub_encrypt_bytea(armor(pgp_sym_encrypt('geheim'::text,'test'::text))::bytea,dearmor((SELECT
> ens_pubkey FROM ens_user WHERE ens_userid = 10112)::text)));
> -> returns the correct key id of the deployed public key
>
> So, if I cannot decrypt the message which I have been encrypting with
> the appropriate keys, how can I proceed?
>
> I want to encrypt messages in postgres and decrypt it elsewhere,
> However, the result of the encryption algorithm seems to deliver a
> wrong result. Otherwise I cannot explain why encrypting and immidiately
> decrypting the message fails.
>
> The same proceeding is succesful when using symmetric keys:
> SELECT
> pgp_sym_decrypt((pgp_sym_encrypt('geheim'::text,'test'::text)),'test'::text);
> -> returns 'geheim' which is the encrypted and then again decrypted
> message.
>
> What did I wrong when trying to use asymmetric encryption?
Generally the stuff you try should work, although some of the
dermor(armor()) and pgp_pub_encrypt(pgp_sym_encrypt()) stuff
seem to be excessive.
So either you have found a bug in pgcrypto which is dependant
on public key algo/OS/CPU/OpenSSL/compiler details or you
have some mistake on your own (eg, your private and public key
does not match).
So I need more details to understand your problem.
--
marko
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2007-11-30 10:07:35 | Re: invalid byte sequence for encoding "UTF8" |
Previous Message | Gregory Stark | 2007-11-30 10:03:38 | Re: invalid byte sequence for encoding "UTF8" |