[patch 6/7] small updates for README - Mailing list pgsql-patches
From | Marko Kreen |
---|---|
Subject | [patch 6/7] small updates for README |
Date | |
Msg-id | 20050801211513.878945000@grue |
List | pgsql-patches |
o Tom stuck a CVS id into file. I doubt the usefulness of it, but if it needs to be in the file then rather at the end. Also tag it as comment for asciidoc. o Mention bytea vs. text difference o Couple clarifications Index: pgsql/contrib/pgcrypto/README.pgcrypto =================================================================== *** pgsql.orig/contrib/pgcrypto/README.pgcrypto --- pgsql/contrib/pgcrypto/README.pgcrypto *************** *** 1,4 **** - $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18 17:17:12 tgl Exp $ pgcrypto - cryptographic functions for PostgreSQL ================================================= --- 1,3 ---- *************** cracking. Or may not. *** 278,284 **** ------------------- The functions here implement the encryption part of OpenPGP (RFC2440) ! standard. 5.1. Overview --- 277,283 ---- ------------------- The functions here implement the encryption part of OpenPGP (RFC2440) ! standard. Supported are both symmetric-key and public-key encryption. 5.1. Overview *************** Options are described in section 5.7. *** 334,339 **** --- 333,342 ---- Decrypt a symmetric-key encrypted PGP message. + Decrypting bytea data with `pgp_sym_decrypt` is disallowed. + This is to avoid outputting invalid character data. Decrypting + originally textual data with `pgp_sym_decrypt_bytea` is fine. + Options are described in section 5.7. *************** key is password-protected, you must give *** 362,367 **** --- 365,374 ---- there is no password, but you want to specify option for function, you need to give empty password. + Decrypting bytea data with `pgp_pub_decrypt` is disallowed. + This is to avoid outputting invalid character data. Decrypting + originally textual data with `pgp_pub_decrypt_bytea` is fine. + Options are described in section 5.7. *************** cipher-algo:: *** 422,428 **** Default: aes128 Applies: pgp_sym_encrypt, pgp_pub_encrypt - compress-algo:: Which compression algorithm to use. Needs building with zlib. 
--- 429,434 ---- *************** s2k-cipher-algo:: *** 492,498 **** Which cipher to use for encrypting separate session key. Values: bf, aes, aes128, aes192, aes256 ! Default: same as cipher-algo. Applies: pgp_sym_encrypt unicode-mode:: --- 498,504 ---- Which cipher to use for encrypting separate session key. Values: bf, aes, aes128, aes192, aes256 ! Default: use cipher-algo. Applies: pgp_sym_encrypt unicode-mode:: *************** Generate a new key: *** 513,519 **** gpg --gen-key ! You need to pick "DSA and Elgamal" key type, others are sign-only. List keys: --- 519,528 ---- gpg --gen-key ! The preferred key type is "DSA and Elgamal". ! ! For RSA encryption you must create either DSA or RSA sign-only key ! as master and then add RSA encryption subkey with `gpg --edit-key`. List keys: *************** You need to use `dearmor()` on them befo *** 531,536 **** --- 540,548 ---- pgp_pub_* functions. Or if you can handle binary data, you can drop "-a" from gpg. + For more details see `man gpg`, http://www.gnupg.org/gph/en/manual.html[ + The GNU Privacy Handbook] and other docs on http://www.gnupg.org[] site. + 5.10. Limitations of PGP code ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *************** pgp_pub_* functions. Or if you can hand *** 538,546 **** - No support for signing. That also means that it is not checked whether the encryption subkey belongs to master key. ! - No support for RSA keys. Only Elgamal encryption keys are supported ! - No support for several encryption subkeys. 6. Raw encryption --- 550,562 ---- - No support for signing. That also means that it is not checked whether the encryption subkey belongs to master key. ! - No support for encryption key as master key. As such practice ! is generally discouraged, it should not be a problem. ! - No support for several subkeys. This may seem like a problem, as this ! is common practice. On the other hand, you should not use your regular ! GPG/PGP keys with pgcrypto, but create new ones, as the usage scenario ! 
is rather different. 6. Raw encryption *************** I have used code from following sources: *** 631,636 **** --- 647,655 ---- 9.1. Useful reading ~~~~~~~~~~~~~~~~~~~~~ + http://www.gnupg.org/gph/en/manual.html[]:: + The GNU Privacy Handbook + http://www.openwall.com/crypt/[]:: Describes the crypt-blowfish algorithm. *************** http://jlcooke.ca/random/[]:: *** 673,675 **** --- 692,698 ---- http://www.cs.ut.ee/~helger/crypto/[]:: Collection of cryptology pointers. + + + // $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18 17:17:12 tgl Exp $ + --
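Review bot: In the hunk at README line 334 (pgp_sym_decrypt), "Decrypting bytea data with `pgp_sym_decrypt` is disallowed" does not say what the caller observes or how the function decides the data is bytea. Suggest stating that the call fails with an error, and wording it in terms of how the message was produced, for example "a message created with `pgp_sym_encrypt_bytea`", so that a reader does not take "bytea data" to mean the type of the argument. The hunk at line 362 repeats the same sentences for `pgp_pub_decrypt` and would need the same change.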
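Review bot: In the key-generation hunk at README line 513, the RSA instructions stop at "add RSA encryption subkey with `gpg --edit-key`" without naming the command to run inside that session. Suggest naming it (`addkey`) so the step can be followed from the README alone. The replaced line also explained why "DSA and Elgamal" was the choice ("others are sign-only"); the new "preferred key type" sentence gives no reason, so a short one would help a reader decide between it and the RSA route.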
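Review bot: In the limitations hunk at README line 538, the change from "several encryption subkeys" to "several subkeys" leaves it unclear whether the limit counts only encryption subkeys or any subkey, which matters because the key-generation section now tells users to add an RSA encryption subkey to a sign-only master. Suggest keeping "encryption subkeys" or spelling out the supported key layout. The advice to create new keys rests on "the usage scenario is rather different", which is too vague to act on; since the unchanged line above notes that it is not checked whether the encryption subkey belongs to the master key, a sentence saying what differs would make the recommendation easier to justify.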