Re: Support for ECDSA & ed25519 digital signatures in pgcrypto?

On Sun, Feb 4, 2018 at 04:38:24PM +0530, Nilesh Trivedi wrote:
> I recently had to build ed25519 digital signature validation in PostgreSQL.
> Since pgcrypto doesn't
> support these methods, I had to look into PL/Python and PL/v8 based
> implementations. The
> experience turned out to be very poor (documented here: https://gist.github.com
> /nileshtrivedi
> /7cd622d4d521986593bff81bfa1e5893
>
> I think OpenSSL already supports these encryption methods and it would be great
> to have them
> supported within pgcrypto - especially with the advent of distributed systems
> like IPFS, public
> blockchains like BitCoin, Ethereum. Elliptic curve cryptography has some major
> advantages over
> RSA: for both security and usability. Some are listed here: https://
> ed25519.cr.yp.to/
>
> Is somebody working on this? I'm not a C programmer but if needed, I can look
> into implementing
> this.

I agree there is going to be a lot more focus on ECDSA because elliptic
curve cryptography is much more efficient for large key sizes, see:

https://momjian.us/main/writings/pgsql/tls.pdf#page=17

and RSA can't support elliptic curve. Chrome accessing mail.google.com
is already using ECDSA:

https://momjian.us/main/writings/pgsql/tls.pdf#page=16

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +