Skip site navigation (1) Skip section navigation (2)

pgcrypto 0.4

From: Marko Kreen <marko(at)l-t(dot)ee>
To: pgsql-announce(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org
Subject: pgcrypto 0.4
Date: 2001-11-25 19:22:09
Message-ID: 20011125212209.A23229@l-t.ee (view raw or flat)
Thread:
Lists: pgsql-announcepgsql-general
Hello,

Here's pgcrypto version 0.4.  The same code will appear in
contrib/pgcrypto in PostgreSQL 7.2, this is a standalone release
for PostgreSQL 7.0.x and 7.1.x.

	http://www.l-t.ee/marko/pgsql/pgcrypto-0.4.tar.gz

I consider 0.4.x versions a 'stable' branch as it is basically
feature-complete with what I planned in beginning.


Things it provides:

* digest(data, type) function for hashing.
  Builtin algorithms: MD5, SHA1.

* hmac(data, key, type) function for RFC2104 Hashed Message
  Authentication Codes - sort of a key'ed hashes.
  Builtin algorithms: MD5, SHA1.

* UN*X like crypt(key, salt) and gen_salt(type)
  old DES, extended DES, MD5 and Blowfish crypt.

* encrypt(data, key, type)/decrypt(...) functions.
  Builtin algorithms: Blowfish, Rijndael/AES.

* encode()/decode() functions for base64/hex encoding.
  For PostgreSQL 7.0/7.1, 7.2 has this in core.

* You can link it with external library to get more algorithms:
  OpenSSL and MHASH+MCRYPT are currently supported.

Changes since 0.3:
==================

Features:
* Rijndael and Blowfish as builtin ciphers
* Blowfish crypt
* nicer regression tests
* lotsa source cleanups

Fixes:
* base64 now works...
* Uses bytea instead text for 8-bit data.
* oversized key to encrypt/decrypt corrupted memory
* decrypt did not remove padding bytes if data
  was multiple of block size

Future
======

This could be called a '1.0' release as only near-term thing
missing are some source cleanups and more regression tests
to make sure it handles other ciphers beside AES and Blowfish
right (it probably does).

But there is a problem with encrypt/decrypt - namely they are
too simple.  They dont use techniques as keygen, MAC-ing the
data and session keys which are rather mandatory in current
state-of-the-art cryptography.

So for 0.5.x series I plan to implement a subset of OpenPGP
standard - password based encryptionas - as pgp_encrypt() functions.
It should not be that hard, as lot of lower infrastructure is ready,
but I am not sure when I find time for it.  So, if anyone is interested
in hacking crypto, you are welcome to give a hand.

-- 
marko


pgsql-announce by date

Next:From: Marc G. FournierDate: 2001-11-26 13:25:47
Subject: PostgreSQL v7.2b3 Released
Previous:From: Helge BahmannDate: 2001-11-12 17:26:31
Subject: Re: psql -f backup.out || file too big - SOLVED

pgsql-general by date

Next:From: -wiseguyDate: 2001-11-25 20:07:55
Subject: pl/perl won't build under 7.1.3
Previous:From: Mancz, JamesDate: 2001-11-25 18:58:45
Subject: Re: select extract and subqueries

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group