Обсуждение: [GENERAL] pgcrypto encrypt
Hello! Is there a way to decrypt data encrypted with the pgcrypto "encrypt" function, outside the database? Assuming that I know the key etc... Thanks! -- Stephen
On Wed, Sep 6, 2017 at 04:19:52PM -0400, Stephen Cook wrote: > Hello! > > Is there a way to decrypt data encrypted with the pgcrypto "encrypt" > function, outside the database? Assuming that I know the key etc... Yes, I think so. pgcrypto uses openssl and gpg internally, so using those tools should work. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
On Tue, Sep 19, 2017 at 12:20 PM, Bruce Momjian <bruce@momjian.us> wrote:
On Wed, Sep 6, 2017 at 04:19:52PM -0400, Stephen Cook wrote:
> Hello!
>
> Is there a way to decrypt data encrypted with the pgcrypto "encrypt"
> function, outside the database? Assuming that I know the key etc...
Yes, I think so. pgcrypto uses openssl and gpg internally, so using
those tools should work.
I know that pgp_sym_encrypt and pgp_sym_decrypt interoperates well with "outside the database" gpg, although dealing with armoring and de-armoring as well as text mode or binary mode is a bit of a bother until you get used to it.
But he seems to be asking about the "F.25.4. Raw Encryption Functions". I wouldn't want to reassure him that it would be easy to make those work outside the database, without having seen it done. But it should of course be possible to make it work, even if that means rearranging the code of pgcrypto and compiling into something that is standalone.
Cheers,
Jeff
On Tue, Sep 19, 2017 at 12:42:40PM -0700, Jeff Janes wrote: > On Tue, Sep 19, 2017 at 12:20 PM, Bruce Momjian <bruce@momjian.us> wrote: > > On Wed, Sep 6, 2017 at 04:19:52PM -0400, Stephen Cook wrote: > > Hello! > > > > Is there a way to decrypt data encrypted with the pgcrypto "encrypt" > > function, outside the database? Assuming that I know the key etc... > > Yes, I think so. pgcrypto uses openssl and gpg internally, so using > those tools should work. > > > I know that pgp_sym_encrypt and pgp_sym_decrypt interoperates well with > "outside the database" gpg, although dealing with armoring and de-armoring as > well as text mode or binary mode is a bit of a bother until you get used to it. > > But he seems to be asking about the "F.25.4. Raw Encryption Functions". I > wouldn't want to reassure him that it would be easy to make those work outside > the database, without having seen it done. But it should of course be possible > to make it work, even if that means rearranging the code of pgcrypto and > compiling into something that is standalone. Uh, it should be possible with openssl, but I have never tried it. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
On 2017-09-19 15:42, Jeff Janes wrote: > On Tue, Sep 19, 2017 at 12:20 PM, Bruce Momjian <bruce@momjian.us > <mailto:bruce@momjian.us>> wrote: > > On Wed, Sep 6, 2017 at 04:19:52PM -0400, Stephen Cook wrote: > > Hello! > > > > Is there a way to decrypt data encrypted with the pgcrypto "encrypt" > > function, outside the database? Assuming that I know the key etc... > > Yes, I think so. pgcrypto uses openssl and gpg internally, so using > those tools should work. > > > I know that pgp_sym_encrypt and pgp_sym_decrypt interoperates well with > "outside the database" gpg, although dealing with armoring and > de-armoring as well as text mode or binary mode is a bit of a bother > until you get used to it. > > But he seems to be asking about the "F.25.4. Raw Encryption Functions". > I wouldn't want to reassure him that it would be easy to make those work > outside the database, without having seen it done. But it should of > course be possible to make it work, even if that means rearranging the > code of pgcrypto and compiling into something that is standalone. > > Cheers, > > Jeff Yes, I mean the "Raw Encryption Functions". I am aware that this is not the recommended method, but there are limitations with this client and this is what we are using. I was hoping that it is a standard algorithm, something that could be implemented in whatever language they are using for ETL. We have one column encrypted with "encrypt". When this table is exported the guys on the other end need to decrypt it, without access to a PostgreSQL instance. I'm already pushing for a rewrite of this part, but if anyone knows anything about getting that data, I'm all ears. -- Stephen -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general