Re: GPG signing

From Michel Pelletier
Subject Re: GPG signing
Date
Msg-id CACxu=vJEhv4XaRc1rGLJ=FxFgLRZddXThoGq_913JxQgMr8C9w@mail.gmail.com
In reply to Re: GPG signing  (Michel Pelletier <pelletier.michel@gmail.com>)
List pgsql-general
As it's not well documented yet (sorry), I'm following up to add that signing is done with `crypto_sign()` and `crypto_sign_open()`.


On Wed, May 27, 2020 at 2:42 PM Michel Pelletier <pelletier.michel@gmail.com> wrote:
Hi Marc,

You can sign content with pgsodium:


On Tue, May 26, 2020 at 12:21 PM Marc Munro <marc@bloodnok.com> wrote:
On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote:
> On 5/26/20 12:01 PM, Marc Munro wrote:
> > I need to be able to cryptographically sign objects in my database
> > using a public key scheme.
> > [ . . . ]
> > Any other options?  Am I missing something?
>
> https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7

I looked at that but I must be missing something.  In order to usefully
sign something, the private, secret, key must be used to encrypt a
digest of the thing being signed (something of a simplification, but
that's the gist).  This can then be verified, by anyone, using the
public key.

But the pgcrypto functions, for good reasons, do not allow the private
(secret) key to be used in this way.  Encryption and signing algorithms
are necessarily different as the secret key must be protected; and we
don't want signatures to be huge, and it seems that pgcrypto has not
implemented signing algorithms.

What am I missing?

__
Marc
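
The sign/verify round trip named in the follow-up, as an added example that is not part of the original thread or of pgsodium's own documentation. It assumes the pgsodium extension is installed with its functions on the `search_path` and that `crypto_sign_new_keypair()` returns `public` and `secret` columns; the message text is constructed.

```sql
CREATE EXTENSION IF NOT EXISTS pgsodium;

DO $$
DECLARE
    kp       record;
    msg      bytea := convert_to('invoice 42: total=100.00', 'UTF8');  -- constructed sample
    signed   bytea;
    tampered bytea;
    rejected boolean := false;
BEGIN
    -- Assumption: the keypair comes back as (public, secret) columns.
    SELECT * INTO kp FROM crypto_sign_new_keypair();

    -- Sign with the secret key. Combined mode: the signature is followed by
    -- the message, so the overhead is fixed (64 bytes for libsodium's Ed25519)
    -- no matter how large the signed object is.
    signed := crypto_sign(msg, kp.secret);
    RAISE NOTICE 'signature overhead: % bytes', length(signed) - length(msg);

    -- A verifier needs only the public key to check the signature and
    -- recover the original message.
    ASSERT crypto_sign_open(signed, kp.public) = msg,
           'valid signature must verify';

    -- Flip one bit in the last byte (part of the message) and verify again.
    tampered := set_byte(signed, length(signed) - 1,
                         get_byte(signed, length(signed) - 1) # 1);
    BEGIN
        PERFORM crypto_sign_open(tampered, kp.public);
    EXCEPTION WHEN OTHERS THEN
        rejected := true;  -- verification failure surfaces as an error
    END;
    ASSERT rejected, 'tampered message must be rejected';
END
$$;
```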

