Dear PostgreSQL Development Team,
I would like to request the addition of support for the AES-128-CFB mode in the pgcrypto extension. Currently, pgcrypto supports AES encryption modes like ECB and CBC, but it does not include CFB mode, which is essential for certain use cases.
In managed environments such as Azure Database for PostgreSQL - Flexible Server, users are unable to create or install custom extensions. This restriction makes it challenging to work with encrypted data that relies on AES-128-CFB, as we cannot use custom solutions to handle this algorithm. Adding CFB mode support to pgcrypto would address this limitation and expand its usability in managed PostgreSQL environments.
Implementing AES-128-CFB in pgcrypto should require only minimal changes, as it is already built on OpenSSL, which supports the CFB mode natively. Including this functionality would also align pgcrypto with the principle of providing robust cryptographic support, similar to other database solutions.
Why This Matters:
- Compatibility: Many existing systems encrypt data using AES-128-CFB, and without native support in
pgcrypto, PostgreSQL users must resort to inefficient workarounds. - Consistency:
pgcrypto already supports other AES modes (e.g., ECB, CBC). Including CFB would ensure that its AES capabilities are complete. - Ease of Implementation: OpenSSL already provides a straightforward API for AES-128-CFB, so adding it to
pgcrypto should require only a few lines of code.
This enhancement would greatly benefit users in managed environments and improve the flexibility of PostgreSQL as a whole.
Thank you for considering this request. I would be happy to assist in testing or providing further information if needed.
Best regards,
Vladyslav Nebozhyn
