pgsodium 1.2.0 released!

From: Michel Pelletier
Subject: pgsodium 1.2.0 released!
Msg-id: CACxu=v+zTE_PVRWZrn+8WbVvihKddvPZ4WatC40suEp1xhQeHA@mail.gmail.com
List: pgsql-announce
Greetings PostgreSQL community members,

pgsodium is an encryption library for postgres that provides modern cryptographic functions based on the libsodium encryption library.  This release brings many changes, cleanups, tests, and includes some new functionality.


pgsodium provides several features not available in pgcrypto, most notably Server Managed Keys which are keys used by id and context, never by raw value.  This allows SQL to safely encrypt and decrypt data without ever having to expose the key in SQL itself.  Some other novel features include:

    - Secretbox Authenticated Encryption
    - Public Key Encryption/Signing
    - Anonymous Sealed Boxes
    - AEAD Constructions
    - Key Derivation
    - End-to-End Encryption with Key Exchange API

There are a few breaking changes with 1.1.1, most noticeably, API access is revoked on PUBLIC by default, and there are now three layered security roles with access to the API.  If you wish to use the pgsodium API you must either grant access yourself, or preferably use one of the three built-in layers of API access:

    - The least privileged role (pgsodium_keyiduser) can only use API functions by key id; it can never see or use raw bytea keys.

    - The next layer role (pgsodium_keyholder) can see and use keys and keypairs, but not generate or derive them.

    - The highest privilege role (pgsodium_keymaker) can do everything including make and derive keys and keypairs. 

Many encryption patterns require only the minimal key id privilege and a column encryption example is provided in the documentation.   Key ids make interaction with the pgsodium API completely "keyless".  This can be used for secret key encryption patterns in the API like `crypto_secretbox`, `crypto_auth` and `crypto_aead_ietf`.  Public key functionality cannot be used by key id.

1.2.0 also wraps the IETF ChaCha20-Poly1305 construction for Authenticated Encryption with Additional Data (AEAD) in libsodium as the `crypto_aead_ietf` API.

`pgsodium_derive()` is deprecated and is now called `derive_key()`.

Several related fixes were made to the multipart public key signing, and many more tests and error checks have been added.

Please check it out!


-Michel
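
The least-privilege pattern described in the announcement, sketched as an added example (not code from the post or from the pgsodium project). The `app_user` role and `patient_note` table are hypothetical, and the by-key-id argument order (message, nonce, key id, context) and the `pgsodium` schema are assumptions to check against the installed version.

```sql
-- Assumption: pgsodium is preloaded with a server-managed root key configured;
-- without it the key-id functions cannot derive a key and raise an error.
CREATE SCHEMA IF NOT EXISTS pgsodium;
CREATE EXTENSION IF NOT EXISTS pgsodium WITH SCHEMA pgsodium;

-- Hypothetical application role: member of the least-privileged layer only.
CREATE ROLE app_user LOGIN;
GRANT pgsodium_keyiduser TO app_user;
GRANT USAGE ON SCHEMA pgsodium TO app_user;

-- Hypothetical table: the row stores a key id and nonce, never a key.
CREATE TABLE patient_note (
    id     bigserial PRIMARY KEY,
    key_id bigint NOT NULL,
    nonce  bytea  NOT NULL,
    note   bytea  NOT NULL   -- secretbox ciphertext
);
GRANT SELECT, INSERT ON patient_note TO app_user;
GRANT USAGE ON SEQUENCE patient_note_id_seq TO app_user;

SET ROLE app_user;

-- Encrypt with key id 1; the plaintext below is constructed sample data.
WITH n AS (SELECT pgsodium.crypto_secretbox_noncegen() AS nonce)
INSERT INTO patient_note (key_id, nonce, note)
SELECT 1, n.nonce,
       pgsodium.crypto_secretbox('constructed sample text'::bytea,
                                 n.nonce, 1, 'pgsodium'::bytea)
FROM n;

-- Decrypt by the stored key id; authentication failure raises an error
-- instead of returning tampered plaintext.
SELECT id,
       convert_from(
           pgsodium.crypto_secretbox_open(note, nonce, key_id,
                                          'pgsodium'::bytea),
           'utf8') AS plaintext
FROM patient_note;

-- Functions that return raw key material belong to the higher layers, so
-- this is expected to fail with "permission denied" for app_user:
-- SELECT pgsodium.crypto_secretbox_keygen();

RESET ROLE;
```

Because no session ever holds key bytes, statement logs and `pg_stat_activity` show only key ids and nonces for this workload.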
