Re: Encryption functions

On Thu, 18 May 2006 06:44:55 -0600
Michael Fuhr <mike@fuhr.org> wrote:

> On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> > Are there any encryption functions that can be used in
> > SQL inserts and selects directly?  For example like
> > "select encryptin_function('test_to_be_encrypted'), ........"
> 
> See the contrib/pgcrypto module.  It has functions like digest()
> for making SHA1, MD5, and other digests; hmac() for making Hashed
> Message Authentication Codes; and encrypt()/encrypt_iv() and
> decrypt()/decrypt_iv() for doing encryption and decryption.  Since
> 8.1 pgcrypto also has functions for doing OpenPGP symmetric and
> public-key encryption.

If your requirements are simpler check out the genpass module.  It is a
DES3 encrypted type.  You can do things like "SELECT * FROM table WHERE
passw = 'hello'" and it will find passwords that are entered as 'hello'
even though they are stored encrypted.  Example:

darcy=# select 'hello'::chkpass;   chkpass
----------------:v1L3NdWy0OHlQ
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';?column?
----------t
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';?column?
----------f
(1 row)

Note that the leading colon says that the string is already encrypted.
This allows dump and restore to work correctly.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.