Thread: Encryption functions

Encryption functions

From
Thusitha Kodikara
Date:
Hi,<br /><br />Are there any encryption functions that can be used in SQL inserts and selects directly ? For example
like"select encryptin_function('test_to_be_encrypted'), ........"<br /><br />Thanks and regards,<br />-Thusitha<br /> 

Re: Encryption functions

From
Michael Fuhr
Date:
On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> Are there any encryption functions that can be used in
> SQL inserts and selects directly?  For example like
> "select encryptin_function('test_to_be_encrypted'), ........"

See the contrib/pgcrypto module.  It has functions like digest()
for making SHA1, MD5, and other digests; hmac() for making Hashed
Message Authentication Codes; and encrypt()/encrypt_iv() and
decrypt()/decrypt_iv() for doing encryption and decryption.  Since
8.1 pgcrypto also has functions for doing OpenPGP symmetric and
public-key encryption.

-- 
Michael Fuhr


Re: Encryption functions

From
"D'Arcy J.M. Cain"
Date:
On Thu, 18 May 2006 06:44:55 -0600
Michael Fuhr <mike@fuhr.org> wrote:

> On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> > Are there any encryption functions that can be used in
> > SQL inserts and selects directly?  For example like
> > "select encryptin_function('test_to_be_encrypted'), ........"
> 
> See the contrib/pgcrypto module.  It has functions like digest()
> for making SHA1, MD5, and other digests; hmac() for making Hashed
> Message Authentication Codes; and encrypt()/encrypt_iv() and
> decrypt()/decrypt_iv() for doing encryption and decryption.  Since
> 8.1 pgcrypto also has functions for doing OpenPGP symmetric and
> public-key encryption.

If your requirements are simpler check out the genpass module.  It is a
DES3 encrypted type.  You can do things like "SELECT * FROM table WHERE
passw = 'hello'" and it will find passwords that are entered as 'hello'
even though they are stored encrypted.  Example:

darcy=# select 'hello'::chkpass;   chkpass
----------------:v1L3NdWy0OHlQ
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';?column?
----------t
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';?column?
----------f
(1 row)

Note that the leading colon says that the string is already encrypted.
This allows dump and restore to work correctly.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Re: Encryption functions

From
"D'Arcy J.M. Cain"
Date:
On Thu, 18 May 2006 09:13:39 -0400
"D'Arcy J.M. Cain" <darcy@druid.net> wrote:
> If your requirements are simpler check out the genpass module.  It is a

Sorry, chkpass module.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Re: Encryption functions

From
Thusitha Kodikara
Date:
Thanks Michael, I'll check that module.<br /><br /><br /><b><i>Michael Fuhr <mike@fuhr.org></i></b>
wrote:<blockquoteclass="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
OnThu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:<br />> Are there any encryption functions that can
beused in<br />> SQL inserts and selects directly? For example like<br />> "select
encryptin_function('test_to_be_encrypted'),........"<br /><br />See the contrib/pgcrypto module. It has functions like
digest()<br/>for making SHA1, MD5, and other digests; hmac() for making Hashed<br />Message Authentication Codes; and
encrypt()/encrypt_iv()and<br />decrypt()/decrypt_iv() for doing encryption and decryption. Since<br />8.1 pgcrypto also
hasfunctions for doing OpenPGP symmetric and<br />public-key encryption.<br /><br />-- <br />Michael Fuhr<br /><br
/>---------------------------(endof broadcast)---------------------------<br />TIP 5: don't forget to increase your
freespace map settings<br /></blockquote><br /> 

Re: Encryption functions

From
Thusitha Kodikara
Date:
Thanks for the guidance .<br /><br />-Thusitha<br /><br /><b><i>"D'Arcy J.M. Cain" <darcy@druid.net></i></b>
wrote:<blockquoteclass="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
OnThu, 18 May 2006 06:44:55 -0600<br />Michael Fuhr  wrote:<br /><br />> On Thu, May 18, 2006 at 04:21:19AM -0700,
ThusithaKodikara wrote:<br />> > Are there any encryption functions that can be used in<br />> > SQL
insertsand selects directly? For example like<br />> > "select encryptin_function('test_to_be_encrypted'),
........"<br/>> <br />> See the contrib/pgcrypto module. It has functions like digest()<br />> for making
SHA1,MD5, and other digests; hmac() for making Hashed<br />> Message Authentication Codes; and
encrypt()/encrypt_iv()and<br />> decrypt()/decrypt_iv() for doing encryption and decryption. Since<br />> 8.1
pgcryptoalso has functions for doing OpenPGP symmetric and<br />> public-key encryption.<br /><br />If your
requirementsare simpler check out the genpass module. It is a<br />DES3 encrypted type. You can do things like "SELECT
*FROM table WHERE<br />passw = 'hello'" and it will find passwords that are entered as 'hello'<br />even though they
arestored encrypted. Example:<br /><br />darcy=# select 'hello'::chkpass;<br /> chkpass<br />----------------<br />
:v1L3NdWy0OHlQ<br/>(1 row)<br /><br />darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';<br /> ?column?<br
/>----------<br/> t<br />(1 row)<br /><br />darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';<br /> ?column?<br
/>----------<br/> f<br />(1 row)<br /><br />Note that the leading colon says that the string is already encrypted.<br
/>Thisallows dump and restore to work correctly.<br /><br />-- <br />D'Arcy J.M. Cain  | Democracy is three wolves<br
/>http://www.druid.net/darcy/| and a sheep voting on<br />+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.<br
/><br/>---------------------------(end of broadcast)---------------------------<br />TIP 3: Have you checked our
extensiveFAQ?<br /><br /> http://www.postgresql.org/docs/faq<br /></blockquote><br />