On 04.11.22 21:39, Jacob Champion wrote:
> It seems to me that the use case here is extremely similar to the one
> being tackled by Peter E's client-side encryption [1]. People want to
> write SQL to perform a cryptographic operation using a secret, and
> then send the resulting ciphertext (or in this case, a one-way hash)
> to the server, but ideally the server should not actually have the
> secret.
It might be possible, but it's a bit of a reach. For instance, there
are no keys and no decryption associated with this kind of operation.
> I don't think it's helpful for me to try to block progress on this
> patchset behind the other one. But is there a way for me to help this
> proposal skate in the same general direction? Could Peter's encryption
> framework expand to fit this case in the future?
We already have support in libpq for doing this (PQencryptPasswordConn()).
