| From: | Michel Pelletier <pelletier(dot)michel(at)gmail(dot)com> |
|---|---|
| To: | pgsql-announce(at)postgresql(dot)org |
| Subject: | pgsodium 1.1.1 is released! |
| Date: | 2020-06-10 00:26:47 |
| Message-ID: | CACxu=v+Hntph78QPA_HM_5+C_xihdOfNeY++is1NdOERUpVTTg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce |
pgsodium is a modern cryptography library for Postgres that uses libsodium
for all cryptographic operations.
https://github.com/michelp/pgsodium
the 1.1.1 release is available on PGXN:
https://manager.pgxn.org/distributions/pgsodium/1.1.1
A key new feature in pgsodium 1.1.1 are Server Managed Keys. This is a
completely optional mode of operation where you can load a secret key on
server boot, inspired by the cool extension pgcryptokey from Bruce
Momjian. Once the secret key is loaded, new keys can be derived by "key
id" using libsodium Key Derivation Functions and used to seed deterministic
keypair generation functions like crpypto_box_seed_new_keypair().
https://github.com/michelp/pgsodium#server-key-management
By proactively never storing derived keys and only key ids, databases can
contain encrypted data with no secrets stored in them, revealed in SQL or
logged in any way.
Other new features in 1.1.1 include:
- detached public key signing and multipart signing aggregates contributed
by Marc Munro.
- first cut and api documentation contributed by Marc Munro.
- pgxn META.json contributed by David E. Wheeler.
- Key Derivation Function API (used by Server Managed Keys)
- crpypto_box/sign_seed_new_keypair() for deterministic key pair generation.
- Key Exchange API.
- hmac 512
Check it out!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2020-06-11 07:36:48 | PgBouncer 1.14.0 released |
| Previous Message | David Fetter | 2020-06-07 22:41:07 | == PostgreSQL Weekly News - June 7, 2020 == |