Thread: Encryption functions
Hi,<br /><br />Are there any encryption functions that can be used in SQL inserts and selects directly ? For example
like"select encryptin_function('test_to_be_encrypted'), ........"<br /><br />Thanks and regards,<br />-Thusitha<br />
On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> Are there any encryption functions that can be used in
> SQL inserts and selects directly? For example like
> "select encryptin_function('test_to_be_encrypted'), ........"
See the contrib/pgcrypto module. It has functions like digest()
for making SHA1, MD5, and other digests; hmac() for making Hashed
Message Authentication Codes; and encrypt()/encrypt_iv() and
decrypt()/decrypt_iv() for doing encryption and decryption. Since
8.1 pgcrypto also has functions for doing OpenPGP symmetric and
public-key encryption.
--
Michael Fuhr
On Thu, 18 May 2006 06:44:55 -0600
Michael Fuhr <mike@fuhr.org> wrote:
> On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> > Are there any encryption functions that can be used in
> > SQL inserts and selects directly? For example like
> > "select encryptin_function('test_to_be_encrypted'), ........"
>
> See the contrib/pgcrypto module. It has functions like digest()
> for making SHA1, MD5, and other digests; hmac() for making Hashed
> Message Authentication Codes; and encrypt()/encrypt_iv() and
> decrypt()/decrypt_iv() for doing encryption and decryption. Since
> 8.1 pgcrypto also has functions for doing OpenPGP symmetric and
> public-key encryption.
If your requirements are simpler check out the genpass module. It is a
DES3 encrypted type. You can do things like "SELECT * FROM table WHERE
passw = 'hello'" and it will find passwords that are entered as 'hello'
even though they are stored encrypted. Example:
darcy=# select 'hello'::chkpass; chkpass
----------------:v1L3NdWy0OHlQ
(1 row)
darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';?column?
----------t
(1 row)
darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';?column?
----------f
(1 row)
Note that the leading colon says that the string is already encrypted.
This allows dump and restore to work correctly.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
On Thu, 18 May 2006 09:13:39 -0400 "D'Arcy J.M. Cain" <darcy@druid.net> wrote: > If your requirements are simpler check out the genpass module. It is a Sorry, chkpass module. -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Thanks Michael, I'll check that module.<br /><br /><br /><b><i>Michael Fuhr <mike@fuhr.org></i></b>
wrote:<blockquoteclass="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
OnThu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:<br />> Are there any encryption functions that can
beused in<br />> SQL inserts and selects directly? For example like<br />> "select
encryptin_function('test_to_be_encrypted'),........"<br /><br />See the contrib/pgcrypto module. It has functions like
digest()<br/>for making SHA1, MD5, and other digests; hmac() for making Hashed<br />Message Authentication Codes; and
encrypt()/encrypt_iv()and<br />decrypt()/decrypt_iv() for doing encryption and decryption. Since<br />8.1 pgcrypto also
hasfunctions for doing OpenPGP symmetric and<br />public-key encryption.<br /><br />-- <br />Michael Fuhr<br /><br
/>---------------------------(endof broadcast)---------------------------<br />TIP 5: don't forget to increase your
freespace map settings<br /></blockquote><br />
Thanks for the guidance .<br /><br />-Thusitha<br /><br /><b><i>"D'Arcy J.M. Cain" <darcy@druid.net></i></b>
wrote:<blockquoteclass="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
OnThu, 18 May 2006 06:44:55 -0600<br />Michael Fuhr wrote:<br /><br />> On Thu, May 18, 2006 at 04:21:19AM -0700,
ThusithaKodikara wrote:<br />> > Are there any encryption functions that can be used in<br />> > SQL
insertsand selects directly? For example like<br />> > "select encryptin_function('test_to_be_encrypted'),
........"<br/>> <br />> See the contrib/pgcrypto module. It has functions like digest()<br />> for making
SHA1,MD5, and other digests; hmac() for making Hashed<br />> Message Authentication Codes; and
encrypt()/encrypt_iv()and<br />> decrypt()/decrypt_iv() for doing encryption and decryption. Since<br />> 8.1
pgcryptoalso has functions for doing OpenPGP symmetric and<br />> public-key encryption.<br /><br />If your
requirementsare simpler check out the genpass module. It is a<br />DES3 encrypted type. You can do things like "SELECT
*FROM table WHERE<br />passw = 'hello'" and it will find passwords that are entered as 'hello'<br />even though they
arestored encrypted. Example:<br /><br />darcy=# select 'hello'::chkpass;<br /> chkpass<br />----------------<br />
:v1L3NdWy0OHlQ<br/>(1 row)<br /><br />darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';<br /> ?column?<br
/>----------<br/> t<br />(1 row)<br /><br />darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';<br /> ?column?<br
/>----------<br/> f<br />(1 row)<br /><br />Note that the leading colon says that the string is already encrypted.<br
/>Thisallows dump and restore to work correctly.<br /><br />-- <br />D'Arcy J.M. Cain | Democracy is three wolves<br
/>http://www.druid.net/darcy/| and a sheep voting on<br />+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.<br
/><br/>---------------------------(end of broadcast)---------------------------<br />TIP 3: Have you checked our
extensiveFAQ?<br /><br /> http://www.postgresql.org/docs/faq<br /></blockquote><br />