I normally don't make preannouncements, but this directly relates
to Sean's question and several private inquiries.
Due to popular demand, libpkixpq 0.3 will support crypto using the
OpenSSL library. The roadmap at the current time is:
PHASE 1: support for symmetrical encryption.
This will introduce three new data types:- HASH - cryptographic hashes, related to Sean's question
- KEY - symmetrical encryption key
- CIPHERTEXT - encrypted data
The last two types will be formatted per OpenPGP (RFC 2440) specs,
with an eye towards future interoperability with PGP and GPG.
N.B., no external libraries will be required other than OpenSSL and
the compression library (zlib?).
Besides the hash functions (computing hashes, displaying the
contents in various formats) three new crypto functions will be
defined:
CREATE_KEY (TEXT passphrase, TEXT cipher) returns KEY;
ENCRYPT (TEXT data, KEY key) returns CIPHERTEXT;
DECRYPT (CIPHERTEXT ciphertext, KEY key) returns TEXT;
In this phase, only symmetrical encryption will be supported. However
I plan to use "Symmetric-Key Encrypted Session-Key" packets so it will
always be possible to mix symmetrical and asymmetrical keys with all
encrypted data.
I hope to have the first cut out within the next few days.
PHASE 2: support for asymmetrical encryption.
The ENCRYPT and DECRYPT functions will be overloaded to accept:
ENCRYPT (TEXT data, X509 cert) returns CIPHERTEXT;
DECRYPT (CIPHERTEXT ciphertext, PKCS8 key, TEXT passphrase) returns TEXT;
Additional types and functions will undoubtably be defined to facilitate
interoperation with PGP/GPG, and to provide a mechanism for allowing
decryption by multiple parties. E.g., something like
ENCRYPT (TEXT data, X509 certs[]) return CIPHERTEXT;
PHASE 3: full integration into the database as described previously.