Thread: [patch 6/7] small updates for README

From: Marko Kreen
Date:

o  Tom stuck a CVS id into the file.  I doubt the usefulness of it,
   but if it needs to be in the file then rather at the end.
   Also tag it as a comment for asciidoc.
o  Mention bytea vs. text difference
o  A couple of clarifications


Index: pgsql/contrib/pgcrypto/README.pgcrypto
===================================================================
*** pgsql.orig/contrib/pgcrypto/README.pgcrypto
--- pgsql/contrib/pgcrypto/README.pgcrypto
***************
*** 1,4 ****
- $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18 17:17:12 tgl Exp $

  pgcrypto - cryptographic functions for PostgreSQL
  =================================================
--- 1,3 ----
*************** cracking.  Or may not.
*** 278,284 ****
  -------------------

  The functions here implement the encryption part of OpenPGP (RFC2440)
! standard.


  5.1.  Overview
--- 277,283 ----
  -------------------

  The functions here implement the encryption part of OpenPGP (RFC2440)
! standard.   Supported are both symmetric-key and public-key encryption.


  5.1.  Overview
*************** Options are described in section 5.7.
*** 334,339 ****
--- 333,342 ----

  Decrypt a symmetric-key encrypted PGP message.

+ Decrypting bytea data with `pgp_sym_decrypt` is disallowed.
+ This is to avoid outputting invalid character data.  Decrypting
+ originally textual data with `pgp_sym_decrypt_bytea` is fine.
+
  Options are described in section 5.7.


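Review bot: The paragraph added under pgp_sym_decrypt says that decrypting bytea data is "disallowed" but not what the caller sees when it is attempted, nor how the function tells data that was originally bytea from data that was originally text. Please state the outcome explicitly (an error, as opposed to returned data) so that a reader hitting it knows to switch to `pgp_sym_decrypt_bytea`, and add a sentence on what the check is based on.
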
*************** key is password-protected, you must give
*** 362,367 ****
--- 365,374 ----
  there is no password, but you want to specify option for function, you
  need to give empty password.

+ Decrypting bytea data with `pgp_pub_decrypt` is disallowed.
+ This is to avoid outputting invalid character data.  Decrypting
+ originally textual data with `pgp_pub_decrypt_bytea` is fine.
+
  Options are described in section 5.7.


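Review bot: The three lines added under pgp_pub_decrypt duplicate the paragraph added for pgp_sym_decrypt with only the function names changed, so the two copies can drift apart in later edits. Consider stating the bytea/text rule once, in a place that covers both function families, and referring to it from each function description.
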
*************** cipher-algo::
*** 422,428 ****
    Default: aes128
    Applies: pgp_sym_encrypt, pgp_pub_encrypt

-
  compress-algo::
    Which compression algorithm to use.  Needs building with zlib.

--- 429,434 ----
*************** s2k-cipher-algo::
*** 492,498 ****
    Which cipher to use for encrypting separate session key.

    Values: bf, aes, aes128, aes192, aes256
!   Default: same as cipher-algo.
    Applies: pgp_sym_encrypt

  unicode-mode::
--- 498,504 ----
    Which cipher to use for encrypting separate session key.

    Values: bf, aes, aes128, aes192, aes256
!   Default: use cipher-algo.
    Applies: pgp_sym_encrypt

  unicode-mode::
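Review bot: In the s2k-cipher-algo entry, "Default: use cipher-algo." reads as an instruction to the user rather than a description of the default, and is less clear than the "same as cipher-algo." line it replaces. Wording such as "Default: the value of cipher-algo" would say plainly that the setting is inherited.
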
*************** Generate a new key:
*** 513,519 ****

      gpg --gen-key

! You need to pick "DSA and Elgamal" key type, others are sign-only.

  List keys:

--- 519,528 ----

      gpg --gen-key

! The preferred key type is "DSA and Elgamal".
!
! For RSA encryption you must create either DSA or RSA sign-only key
! as master and then add RSA encryption subkey with `gpg --edit-key`.

  List keys:

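Review bot: The RSA instructions in the new lines stop at `gpg --edit-key` without showing the step that adds the encryption subkey, so they cannot be followed without the gpg manual; an indented example in the style of the `gpg --gen-key` line above would fix that. "The preferred key type" also drops the reason the removed line gave ("others are sign-only") without supplying a new one, so say why it is preferred. Grammar: "either a DSA or an RSA sign-only key as master and then add an RSA encryption subkey".
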
*************** You need to use `dearmor()` on them befo
*** 531,536 ****
--- 540,548 ----
  pgp_pub_* functions.  Or if you can handle binary data, you can drop
  "-a" from gpg.

+ For more details see `man gpg`, http://www.gnupg.org/gph/en/manual.html[
+ The GNU Privacy Handbook] and other docs on http://www.gnupg.org[] site.
+

  5.10.  Limitations of PGP code
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*************** pgp_pub_* functions.  Or if you can hand
*** 538,546 ****
  - No support for signing.  That also means that it is not checked
    whether the encryption subkey belongs to master key.

! - No support for RSA keys.  Only Elgamal encryption keys are supported

! - No support for several encryption subkeys.


  6.  Raw encryption
--- 550,562 ----
  - No support for signing.  That also means that it is not checked
    whether the encryption subkey belongs to master key.

! - No support for encryption key as master key.  As such practice
!   is generally discouraged, it should not be a problem.

! - No support for several subkeys.  This may seem like a problem, as this
!   is common practice.  On the other hand, you should not use your regular
!   GPG/PGP keys with pgcrypto, but create new ones, as the usage scenario
!   is rather different.


  6.  Raw encryption
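Review bot: In the rewritten limitations list, "No support for several subkeys" is broader than the removed "several encryption subkeys", and neither it nor the new master-key item says what the pgp_pub_* functions do when handed such a key. Because the first item already states that the subkey-to-master binding is not checked, the text should say whether an unsupported key is rejected with an error or whether one subkey is picked silently. "the usage scenario is rather different" should name the difference, so that the advice to create dedicated keys for pgcrypto is something a reader can act on.
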
*************** I have used code from following sources:
*** 631,636 ****
--- 647,655 ----
  9.1.  Useful reading
  ~~~~~~~~~~~~~~~~~~~~~

+ http://www.gnupg.org/gph/en/manual.html[]::
+     The GNU Privacy Handbook
+
  http://www.openwall.com/crypt/[]::
      Describes the crypt-blowfish algorithm.

*************** http://jlcooke.ca/random/[]::
*** 673,675 ****
--- 692,698 ----

  http://www.cs.ut.ee/~helger/crypto/[]::
      Collection of cryptology pointers.
+
+
+ // $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18 17:17:12 tgl Exp $
+

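Review bot: The CVS id is re-added at the end of the file together with three blank "+" lines, which leaves the README ending in an empty line after the `//` comment. One blank line separating the comment from the last list entry is enough; drop the trailing one.
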