Re: pgcrypto encrypt

On 2017-09-19 15:42, Jeff Janes wrote:
> On Tue, Sep 19, 2017 at 12:20 PM, Bruce Momjian <bruce(at)momjian(dot)us
> <mailto:bruce(at)momjian(dot)us>> wrote:
>
> On Wed, Sep  6, 2017 at 04:19:52PM -0400, Stephen Cook wrote:
> > Hello!
> >
> > Is there a way to decrypt data encrypted with the pgcrypto "encrypt"
> > function, outside the database? Assuming that I know the key etc...
>
> Yes, I think so.  pgcrypto uses openssl and gpg internally, so using
> those tools should work.
>
>
> I know that pgp_sym_encrypt and pgp_sym_decrypt interoperates well with
> "outside the database" gpg, although dealing with armoring and
> de-armoring as well as text mode or binary mode is a bit of a bother
> until you get used to it.
>
> But he seems to be asking about the "F.25.4. Raw Encryption Functions". 
> I wouldn't want to reassure him that it would be easy to make those work
> outside the database, without having seen it done.  But it should of
> course be possible to make it work, even if that means rearranging the
> code of pgcrypto and compiling into something that is standalone.
>  
> Cheers,
>
> Jeff

Yes, I mean the "Raw Encryption Functions". I am aware that this is not
the recommended method, but there are limitations with this client and
this is what we are using.

I was hoping that it is a standard algorithm, something that could be
implemented in whatever language they are using for ETL. We have one
column encrypted with "encrypt". When this table is exported the guys on
the other end need to decrypt it, without access to a PostgreSQL instance.

I'm already pushing for a rewrite of this part, but if anyone knows
anything about getting that data, I'm all ears.

-- Stephen