pgcrypto pgp_pub_decrypt with passphrase broken - Mailing list pgsql-admin

From Ron Peterson
Subject pgcrypto pgp_pub_decrypt with passphrase broken
Date
Msg-id 20110429203026.GG11013@mtholyoke.edu
Whole thread Raw
List pgsql-admin
AFAIKT, pgp_pub_decrypt is broken if you protect your private key with a
passphrase.  e.g.

works:
pgp_pub_decrypt( pgp_pub_encrypt( 'secret', dearmor(pubkey) ),
                 dearmor(privkey) )

fails:
pgp_pub_decrypt( pgp_pub_encrypt( 'secret', dearmor(pubkey) ),
                 dearmor(privkey),
                 'passphrase' )

The error maps to PXE_MBUF_SHORT_READ, which is only thrown by mbuf.c,
in the pullf_read_fixed function.  This function is called from various
places; tracing the problem back, I believe the problem arises in
process_secret_key from pgp-pubkey.c, on this call to pgp_mpi_read:

        case PGP_PUB_RSA_ENCRYPT_SIGN:
            res = pgp_mpi_read(pkt, &pk->sec.rsa.d);
            if (res < 0)
                break;

That's as far back as I went (just throwing in fprintf statements to
trace things).

PostgreSQL 9.0.3
Keys created by GPG 1.4.10

Any ideas how to fix this?

-Ron-

pgsql-admin by date:

Previous
From: "Kevin Grittner"
Date:
Subject: Re: index usage on timestamp without time zone
Next
From: "Anibal David Acosta"
Date:
Subject: Postgres TimeZone