Announcement: libpkixpq 0.3 - with limited OpenPGP support
| From | Bear Giles |
|---|---|
| Subject | Announcement: libpkixpq 0.3 - with limited OpenPGP support |
| Date | |
| Msg-id | 200201060824.BAA06946@eris.coyotesong.com |
| List | pgsql-hackers |
In response to multiple requests, libpkixpq 0.3 includes limited OpenPGP (RFC2440) support. It is available for download at http://www.dimensional.com/~bgiles/. It should not be downloaded contrary to US export or local law. (It's not like this RFC is difficult to implement - I've done this work in less than a day while doing other things.)

The key changes are:

1) Base64 encoding:

Two functions are defined which are wrappers to the OpenSSL Base64 routines:

    function base64_encode(text) returns text;
    function base64_decode(text) returns text;

2) Cryptographic hashes:

A new type is defined, HASH, which can hold a cryptographic hash value. The standard hash format is a colon delimited list of hexadecimal values, e.g., 01:23:45:67:89:ab:cd:ef.

To generate a hash, you should use the function

    function digest(text data, text digest) returns hash;

You can get a base-64 encoded hash with

    function base64_encode(hash) returns text;

This is different than the function described above since the hash is against the underlying binary data, not the hexadecimal representation.

Finally, you can explicitly cast a hash to a text object with

    function text(hash) returns text;

3) OpenPGP encryption:

PRELIMINARY support for OpenPGP (RFC2440) encryption is provided with one new data type, CIPHERTEXT, and two functions:

    function encrypt(text data, text passphrase) returns ciphertext;
    function decrypt(ciphertext data, text passphrase) returns text;

No encrypted keys are stored in the ciphertext object - at the current time the only key supported is generated from the passphrase by computing the MD5 hash of the passphrase, then using it as the key to the blowfish cipher. (The RFC specifies the IDEA cipher, but it is problematic due to European patents.)

Compression is not yet currently supported. (Should I use zlib, or does the backend provide its own compression library?)

The ciphertext is stored as binary data, but displayed in base64 encoding instead of the full OpenPGP armor.
IMPORTANT REMINDER: This is not production quality code, do NOT use it to store credit card information in your database!

IMPORTANT REMINDER 2: This code is not interoperable with PGP or GPG, although that would be an obvious long-term goal.

Announcement cc'd to crypt@bxa.doc.gov.
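
The following is an added example, not part of the original message and not libpkixpq code. It reproduces in Python the colon-delimited HASH format, the difference between base64-encoding a hash and base64-encoding its text, and the announced passphrase-to-key step (MD5 of the passphrase), set beside the salted S2K form from RFC 2440 for comparison. All function names are hypothetical, and UTF-8 encoding of the passphrase is an assumption.

```python
import base64
import hashlib

def hash_text(data: bytes, algo: str = "md5") -> str:
    """Colon-delimited hex, the textual HASH format the announcement describes."""
    return ":".join(f"{b:02x}" for b in hashlib.new(algo, data).digest())

def hash_from_text(text: str) -> bytes:
    """Parse the colon-delimited form back into the underlying binary digest."""
    return bytes(int(part, 16) for part in text.split(":"))

def b64_of_hash(text: str) -> str:
    """Like base64_encode(hash): encodes the binary digest, not its hex spelling."""
    return base64.b64encode(hash_from_text(text)).decode()

def b64_of_text(text: str) -> str:
    """Like base64_encode(text): encodes the characters of the string itself."""
    return base64.b64encode(text.encode()).decode()

def key_from_passphrase(passphrase: str) -> bytes:
    """Key step as announced: MD5 of the passphrase (UTF-8 assumed), 16 bytes."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()

def salted_key(passphrase: str, salt: bytes) -> bytes:
    """For comparison: RFC 2440 salted S2K, hash of 8-octet salt then passphrase."""
    if len(salt) != 8:
        raise ValueError("RFC 2440 S2K salt is 8 octets")
    return hashlib.md5(salt + passphrase.encode("utf-8")).digest()

if __name__ == "__main__":
    sample = "01:23:45:67:89:ab:cd:ef"           # sample value from the message
    print(b64_of_hash(sample))                   # 8 bytes of binary data encoded
    print(b64_of_text(sample))                   # 23 characters of text encoded
    # Constructed passphrase: without a salt, every row protected with the
    # same passphrase ends up with the same Blowfish key.
    print(key_from_passphrase("constructed passphrase").hex())
    print(salted_key("constructed passphrase", b"\x00" * 8).hex())
    print(salted_key("constructed passphrase", b"\x01" * 8).hex())
```

Because the key depends only on the passphrase, one precomputed table of MD5 values covers every ciphertext; a per-value salt stored with the ciphertext removes that property.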