|From:||Marko Tiikkaja <marko(at)joh(dot)to>|
|To:||Joel Jacobson <joel(at)trustly(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Thomas Munro <munro(at)ip9(dot)org>|
|Subject:||Re: pgcrypto: PGP signatures|
I've updated the patch with a number of changes:

1) I've documented the current limitations of signatures
2) I've expanded section F.25.3 to add information about signatures
(though I'm not sure why this part is in the user-facing documentation
in the first place).
3) I've changed the code to use ntohl() and pg_time_t as per Thomas'
4) I've changed the code to consistently use "while (1)" instead of
"for (;;)" (except for the math library, but I didn't touch that at all)

I've also changed the behaviour when passing a message with a signature
to the decrypt functions which don't verify signatures. They now report
"ERROR: Wrong key or corrupt data" instead of decrypting and silently
ignoring the signature. The behaviour is now backwards compatible, but
I see two ways we could possibly improve this:

1) Produce a better error message (I'm sure most people don't know
about the hidden debug=1 setting)
2) Provide an option to ignore the signature if decrypting the data
is desirable even if the signature can't be verified

Any thoughts, comments appreciated.