pgcrypto 0.4 - Mailing list pgsql-general

From Marko Kreen
Subject pgcrypto 0.4
Date
Msg-id 20011125212209.A23229@l-t.ee
Whole thread Raw
List pgsql-general
Hello,

Here's pgcrypto version 0.4.  The same code will appear in
contrib/pgcrypto in PostgreSQL 7.2, this is a standalone release
for PostgreSQL 7.0.x and 7.1.x.

    http://www.l-t.ee/marko/pgsql/pgcrypto-0.4.tar.gz

I consider 0.4.x versions a 'stable' branch as it is basically
feature-complete with what I planned in beginning.


Things it provides:

* digest(data, type) function for hashing.
  Builtin algorithms: MD5, SHA1.

* hmac(data, key, type) function for RFC2104 Hashed Message
  Authentication Codes - sort of a key'ed hashes.
  Builtin algorithms: MD5, SHA1.

* UN*X like crypt(key, salt) and gen_salt(type)
  old DES, extended DES, MD5 and Blowfish crypt.

* encrypt(data, key, type)/decrypt(...) functions.
  Builtin algorithms: Blowfish, Rijndael/AES.

* encode()/decode() functions for base64/hex encoding.
  For PostgreSQL 7.0/7.1, 7.2 has this in core.

* You can link it with external library to get more algorithms:
  OpenSSL and MHASH+MCRYPT are currently supported.

Changes since 0.3:
==================

Features:
* Rijndael and Blowfish as builtin ciphers
* Blowfish crypt
* nicer regression tests
* lotsa source cleanups

Fixes:
* base64 now works...
* Uses bytea instead text for 8-bit data.
* oversized key to encrypt/decrypt corrupted memory
* decrypt did not remove padding bytes if data
  was multiple of block size

Future
======

This could be called a '1.0' release as only near-term thing
missing are some source cleanups and more regression tests
to make sure it handles other ciphers beside AES and Blowfish
right (it probably does).

But there is a problem with encrypt/decrypt - namely they are
too simple.  They dont use techniques as keygen, MAC-ing the
data and session keys which are rather mandatory in current
state-of-the-art cryptography.

So for 0.5.x series I plan to implement a subset of OpenPGP
standard - password based encryptionas - as pgp_encrypt() functions.
It should not be that hard, as lot of lower infrastructure is ready,
but I am not sure when I find time for it.  So, if anyone is interested
in hacking crypto, you are welcome to give a hand.

--
marko


pgsql-general by date:

Previous
From: "Mancz, James"
Date:
Subject: Re: select extract and subqueries
Next
From: "Peter Ondruska"
Date:
Subject: 7.1.3 build on Solaris 8 with Sun CC