On Thu, 18 May 2006 06:44:55 -0600
Michael Fuhr <mike@fuhr.org> wrote:
> On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> > Are there any encryption functions that can be used in
> > SQL inserts and selects directly? For example like
> > "select encryptin_function('test_to_be_encrypted'), ........"
>
> See the contrib/pgcrypto module. It has functions like digest()
> for making SHA1, MD5, and other digests; hmac() for making Hashed
> Message Authentication Codes; and encrypt()/encrypt_iv() and
> decrypt()/decrypt_iv() for doing encryption and decryption. Since
> 8.1 pgcrypto also has functions for doing OpenPGP symmetric and
> public-key encryption.
If your requirements are simpler check out the genpass module. It is a
DES3 encrypted type. You can do things like "SELECT * FROM table WHERE
passw = 'hello'" and it will find passwords that are entered as 'hello'
even though they are stored encrypted. Example:
darcy=# select 'hello'::chkpass; chkpass
----------------:v1L3NdWy0OHlQ
(1 row)
darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';?column?
----------t
(1 row)
darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';?column?
----------f
(1 row)
Note that the leading colon says that the string is already encrypted.
This allows dump and restore to work correctly.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
