Thread: Problem with encode () and hmac() in pgcrypto
Hi,

I am trying to compute a hash string with 172 bytes.

I have an OpenSSL RSA private key stored in the PostgreSQL db and a string with some text. I want to sign that string with the private key and the SHA1 algorithm and encode the result in the base64 format.

I am writing it inside the pg database in a function that performs other stuff.

String to sign:

v_em_crt_conc = '2011-01-31;2011-02-01T13:33:38;100036;684.40; '

Private RSA Key:

This key was generated in OpenSSL with this command:

~$ openssl genrsa -out abc.pem 1024

and then copied the content to v_Private

The FUNCTION:

encode(hmac(v_em_crt_conc, v_Private,'sha1'),'base64');

The Result:

h6CpmrP1QCE/Mp3xn3utUEPtftg=

This hash has 28 chars

When I use OpenSSL in command line like this:

~$ echo "2011-01-31;2011-02-01T13:33:38;100036;684.40; " | openssl dgst -sha1 -sign abc.pem | openssl enc -base64 -A

The Result is:

nKfxnt31+kk/RnKihJ0jKufq+nZvmPjVauGo8+tqJ1Y/ah/mAu4jSS1wnzU+wRygZ4CLIV9DGSs9bxBc4r9e71C8s9B5ms6Kpggmc12kdmqVHBRO28bPWb/YLCej59gZFFkvcCudweNAT4qHvVqWsOtFCf9kE4q92UIv1JcwSDU=

This hash has 172 chars

Does someone know where is my problem? Is there other way to implement? or is it simply impossible??

Thanks in advance

Luis

--
View this message in context: http://postgresql.1045698.n5.nabble.com/Problem-with-encode-and-hmac-in-pgcrypto-tp3366420p3366420.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.

On Tue, Feb 1, 2011 at 5:36 PM, hlcborg <h.luis.cardoso@gmail.com> wrote:
> encode(hmac(v_em_crt_conc, v_Private,'sha1'),'base64');

HMAC - key-dependent SHA1

> The Result:
>
> h6CpmrP1QCE/Mp3xn3utUEPtftg= This hash has 28 chars
>
> When I use OpenSSL in command line like this:
>
> ~$ echo "2011-01-31;2011-02-01T13:33:38;100036;684.40; " | openssl dgst
> -sha1 -sign abc.pem | openssl enc -base64 -A

Plain SHA1, which is signed with RSA signature.

> The Result is:
>
> nKfxnt31+kk/RnKihJ0jKufq+nZvmPjVauGo8+tqJ1Y/ah/mAu4jSS1wnzU+wRygZ4CLIV9DGSs9bxBc4r9e71C8s9B5ms6Kpggmc12kdmqVHBRO28bPWb/YLCej59gZFFkvcCudweNAT4qHvVqWsOtFCf9kE4q92UIv1JcwSDU=
>
> This hash has 172 chars
>
> Does someone know where is my problem? Is there other way to implement? or
> is it simply impossible??

These two operations are not equivalent.

--
marko

Hi Marko,

OK,

> These two operations are not equivalent.

But...
Can I have this operation done in the Stored Procedure inside the Database? Plain SHA1, which is signed with RSA signature. and in the end encoded to base64?

I was looking in the pgcrypto functions, and I haven't found any that I could use.... I think... Maybe I am not looking for the right one.
I need to use Plain SHA1 signed with a RSA signature and encoded into base64 due to a new law related to digital signature in invoices in my country.

--
Luis

On Wed, Feb 2, 2011 at 1:19 AM, hlcborg <h.luis.cardoso@gmail.com> wrote:
>> These two operations are not equivalent.
>
> But...
> Can I have this operation done in the Stored Procedure inside the Database?
> Plain SHA1, which is signed with RSA signature. and in the end encoded to
> base64?
>
> I was looking in the pgcrypto functions, and I haven't found any that I
> could use.... I think... Maybe I am not looking for the right one.
> I need to use Plain SHA1 signed with a RSA signature and encoded into base64
> due to a new law related to digital signature in invoices in my country.

pgcrypto does not do signing, sorry.

But you can do it with PL/Python or PL/Perl and their wrapper libraries around OpenSSL (or any other crypto library).

--
marko

Hi

For now, I already can use in my PG database the PL/Python to create functions.
But I need a library that can do the:

> Plain SHA1, which is signed with RSA signature.

Do you know any PL/Python wrapper libraries around OpenSSL (or any other crypto library) that I could use?

I have found some in the internet, but when I try to compile them there are always errors about undeclared functions or other errors...

---
Luis

On Thu, Feb 3, 2011 at 2:38 PM, hlcborg <h.luis.cardoso@gmail.com> wrote:
> For now, I already can use in my PG database the PL/Python to create
> functions.
> But I need a library that can do the:
>> Plain SHA1, which is signed with RSA signature.
>
> Do you know any PL/Python wrapper libraries
> around OpenSSL (or any other crypto library) that I could use?

pycrypto - standalone, non-OpenSSL
m2crypto - wrapper for OpenSSL

They have a bit different feature sets, use whichever you get to work. There are other wrappers around openssl, but they are unmaintained.

> I have found some in the internet, but when I try to compile them there are
> always errors about undeclared functions or other errors...

Please ask help for that from particular project's mailing list.

Perhaps your distro already includes either of them? Then use it, instead of compiling on your own.

One note - if you install package in non-standard location, you need to set PYTHONPATH in postgres server environment to point to there, otherwise PL won't see it.

--
marko
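
The difference marko points out, as an added example that is not part of the thread: hmac() yields a 20-byte MAC (28 base64 characters) whatever the key, while `openssl dgst -sha1 -sign` produces an RSASSA-PKCS1-v1_5 signature as long as the modulus (128 bytes, 172 characters for a 1024-bit key). The sketch uses only the Python standard library; the function names and the seeded throwaway key are assumptions made here, and the non-constant-time arithmetic is for illustration, so a maintained library should do the signing in a real PL/Python function.

```python
import base64, hashlib, hmac, random

SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DER prefix, RFC 8017 9.2

def is_probable_prime(n, rng, rounds=24):  # Miller-Rabin, for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_rsa_key(bits=1024, seed=2011):  # constructed throwaway key: fixed seed, NOT secret
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1  # top bits set: full-size n
        if p % e != 1 and p not in primes and is_probable_prime(p, rng):
            primes.append(p)
    p, q = primes
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)

def emsa_pkcs1_v15_sha1(message, k):
    # EM = 00 01 FF..FF 00 || DigestInfo || SHA1(message), padded to k bytes
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sha1_sign_b64(message, n, d):
    k = (n.bit_length() + 7) // 8  # signature length = modulus length in bytes
    s = pow(int.from_bytes(emsa_pkcs1_v15_sha1(message, k), "big"), d, n)
    return base64.b64encode(s.to_bytes(k, "big")).decode()

def rsa_sha1_verify_b64(message, sig_b64, n, e):
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(base64.b64decode(sig_b64), "big"), e, n)
    return em.to_bytes(k, "big") == emsa_pkcs1_v15_sha1(message, k)  # compare whole encoding

def hmac_sha1_b64(message, key):  # what encode(hmac(msg, key, 'sha1'), 'base64') computes
    return base64.b64encode(hmac.new(key, message, hashlib.sha1).digest()).decode()

MSG = b"2011-01-31;2011-02-01T13:33:38;100036;684.40; "  # string to sign from the thread
N, E, D = demo_rsa_key()
```

`echo` appends a newline, so the openssl command in the first post signs one byte more than the SQL string holds; the signed bytes have to match exactly for a verifier to accept the signature.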