Re: pgcrypto: PGP signatures

From: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
To: Marko Tiikkaja <marko(at)joh(dot)to>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto: PGP signatures
Date: 2014-09-08 04:15:31
Message-ID: CAMkU=1x9h0GT_8vPzNxmD5Wqh2Lq2zxkUWUGAvBgx3wnQtf4yw@mail.gmail.com
Lists: pgsql-hackers

On Sun, Sep 7, 2014 at 10:36 AM, Marko Tiikkaja <marko(at)joh(dot)to> wrote:

> On 2014-09-07 19:28, Jeff Janes wrote:
>
>>
>> select pgp_sym_decrypt(dearmor('-----BEGIN PGP MESSAGE-----
>> Version: GnuPG v2.0.14 (GNU/Linux)
>> Password: foobar
>>
>> jA0EBwMCqywsAv/hXJ7D0j8BWsD+9H7DY4KhrIIw2oV/6tBueVQ28+VDjBw9rGiy
>> 3JRPmyXNN4wRTZXIyTVzK3LylWLomD9pQkao4hrQwSs=
>> =02RI
>> -----END PGP MESSAGE-----
>> '),'foobar','debug=1');
>> NOTICE: dbg: parse_literal_data: data type=b
>> ERROR: Not text data
>>
>> So I don't know if I am doing something wrong, or if the PostgreSQL
>> implementation of pgp is just not interoperable with other
>> implementations.
>> That makes it hard to test the new features if I can't make the old ones
>> work.
>>
>
> The NOTICE here says what's wrong: the message has been marked to contain
> binary data, not text. You should be able to decrypt it with
> pgp_sym_decrypt_bytea() (and you can use convert_from() to get a text value
> out).

OK, thanks. That is obvious in retrospect. I'll put it on my todo list to
try to clean up some of the documentation and error messages to make it more
obvious to the naive user, but that is not part of this patch.

One problem I've run into now is that if I try to sign a message
with pgp_pub_encrypt_sign but give it the public, not private, key as the
3rd argument, it generates this message:

ERROR: Cannot decrypt with public key

Should be 'sign', not 'decrypt'.

Similarly for verification:

ERROR: Refusing to encrypt with secret key

'encrypt' should be 'verify signature'.

Cheers,

Jeff
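
Added example, not part of the original message and not pgcrypto code: the `data type=b` in the NOTICE above is the format octet of the OpenPGP Literal Data packet found inside the decrypted message. The Python parser below reads that packet as laid out in RFC 4880 (section 5.9); the function names and the sample packets are constructed for this illustration.

```python
# Format octets of a Literal Data packet (RFC 4880, section 5.9).
FORMATS = {ord("b"): "binary", ord("t"): "text", ord("u"): "utf8-text"}

def parse_literal_packet(pkt: bytes) -> dict:
    """Parse one OpenPGP Literal Data packet (tag 11) from decrypted bytes."""
    if len(pkt) < 2 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if pkt[0] & 0x40:  # new-format header: tag in the low 6 bits
        tag, first = pkt[0] & 0x3F, pkt[1]
        if first < 192:
            length, pos = first, 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + int.from_bytes(pkt[2:3], "big") + 192, 3
        elif first == 255:
            length, pos = int.from_bytes(pkt[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled here")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (pkt[0] >> 2) & 0x0F, pkt[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        size = 1 << ltype
        length, pos = int.from_bytes(pkt[1:1 + size], "big"), 1 + size
    if tag != 11:
        raise ValueError(f"expected literal data (tag 11), got tag {tag}")
    body = pkt[pos:pos + length]
    if len(body) != length or length < 6 or length < 6 + body[1]:
        raise ValueError("truncated literal data packet")
    name_len = body[1]
    return {
        "format": FORMATS.get(body[0], "unknown"),
        "filename": body[2:2 + name_len].decode("latin-1"),
        "date": int.from_bytes(body[2 + name_len:6 + name_len], "big"),
        "data": body[6 + name_len:],
    }

def needs_bytea_variant(pkt: bytes) -> bool:
    """True when the payload is flagged binary, the case behind 'Not text data'."""
    return parse_literal_packet(pkt)["format"] == "binary"

# Constructed samples (not taken from the message in this thread):
# new-format header, type 'b', no filename, zero date, 5 data bytes
BINARY_PKT = b"\xcb\x0b" + b"b" + b"\x00" + b"\x00" * 4 + b"hello"
# old-format header, type 't', filename "a.txt", zero date, 5 data bytes
TEXT_PKT = b"\xac\x10" + b"t" + b"\x05a.txt" + b"\x00" * 4 + b"hello"

if __name__ == "__main__":
    for pkt in (BINARY_PKT, TEXT_PKT):
        print(parse_literal_packet(pkt), needs_bytea_variant(pkt))
```

The parser works on the plaintext packet stream, that is, after the symmetric decryption and any decompression that pgcrypto performs before it reaches the literal data.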
