Thread: Matching pgp_sym_encrypt() and gpg2 output

Matching pgp_sym_encrypt() and gpg2 output

From

Bruce Momjian

Date:

27 August 2019, 20:33:16

I am trying to generate output from the command-line program gpg2 that
matches the output of pgp_sym_encrypt().  gpg2 outputs:

    $ echo 'my access password' | tr -d '\n' | gpg2 --symmetric --batch
    > --cipher-algo AES256 --passphrase 'abc' | xxd -p | tr -d '\n'

    8c0d0409030248b24f9d2bc91287f5d24701...

while pgp_sym_encrypt() outputs:

    SELECT pgp_sym_encrypt('my access password', 'abc', 'cipher-algo=aes256');
                                                                            
         pgp_sym_encrypt
    ----------------------------------------
     \xc30d0409030282dbcc61c149fd4b67d24...

I realize the \x is from the bytea output function, but the hex digits
don't match, and the gpg2 output is slightly longer than the
pgp_sym_encrypt() output.  What gpg2 options will allow it to match?
Thanks.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

Re: Matching pgp_sym_encrypt() and gpg2 output

From

Jeff Janes

Date:

27 August 2019, 21:05:28

On Tue, Aug 27, 2019 at 1:33 PM Bruce Momjian <bruce@momjian.us> wrote:

I am trying to generate output from the command-line program gpg2 that
matches the output of pgp_sym_encrypt(). gpg2 outputs:

$ echo 'my access password' | tr -d '\n' | gpg2 --symmetric --batch
> --cipher-algo AES256 --passphrase 'abc' | xxd -p | tr -d '\n'

I don't even get the same output on repeated execution of this same command, so I think you are pursuing a lost cause.

Cheers,

Jeff

Re: Matching pgp_sym_encrypt() and gpg2 output

From

Bruce Momjian

Date:

27 August 2019, 21:35:19

On Tue, Aug 27, 2019 at 02:05:28PM -0400, Jeff Janes wrote:
> On Tue, Aug 27, 2019 at 1:33 PM Bruce Momjian <bruce@momjian.us> wrote:
> 
>     I am trying to generate output from the command-line program gpg2 that
>     matches the output of pgp_sym_encrypt().  gpg2 outputs:
> 
>             $ echo 'my access password' | tr -d '\n' | gpg2 --symmetric --batch
>             > --cipher-algo AES256 --passphrase 'abc' | xxd -p | tr -d '\n'
> 
> 
> I don't even get the same output on repeated execution of this same command, so
> I think you are pursuing a lost cause.

Ah, very good point.  I at least get the same first few bytes and same
length each time, so I never even looked at the trailing bytes, and you
are right that it isn't surprising they differ each time.

Anyway, I figured it out.  I was originally trying to use openssl to
match pgp_sym_encrypt(), and that wasn't working, and then when I
couldn't get the gpg2 bytes to match, I asked here.  Seems I got it
working with the attached SQL file.  Thanks.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

Attachment

key-pass-test.sql