Re: pgcrypto: PGP signatures

From: Marko Tiikkaja <marko(at)joh(dot)to>
To: Joel Jacobson <joel(at)trustly(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Thomas Munro <munro(at)ip9(dot)org>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto: PGP signatures
Date: 2014-09-05 11:38:43
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Hi all,

I've updated the patch with a number of changes:
1) I've documented the current limitations of signatures
2) I've expanded section F.25.3 to add information about signatures
(though I'm not sure why this part is in the user-facing documentation
in the first place).
3) I've changed the code to use ntohl() and pg_time_t as per Thomas'
4) I've changed the code to consistently use "while (1)" instead of
"for (;;)" (except for the math library, but I didn't touch that at all)

I've also changed the behaviour when passing a message with a signature
to the decrypt functions which don't verify signatures. They now report
"ERROR: Wrong key or corrupt data" instead of decrypting and silently
ignoring the signature. The behaviour is now backwards compatible, but
I see two ways we could possibly possibly improve this:
1) Produce a better error message (I'm sure most people don't know
about the hidden debug=1 setting)
2) Provide an option to ignore the signature if decrypting the data
is desirable even if the signature can't be verified

Any thoughts, comments appreciated.


Attachment Content-Type Size
pgcrypto_sigs.v3.patch text/plain 151.1 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2014-09-05 11:47:49 Re: Scaling shared buffer eviction
Previous Message Pavel Stehule 2014-09-05 09:21:30 Re: proposal: plpgsql - Assert statement