Re: [SQL] Encryption functions

[Thusitha Kodikara]

Thanks for the guidance .

-Thusitha

"D'Arcy J.M. Cain" <darcy@druid.net> wrote:

On Thu, 18 May 2006 06:44:55 -0600
Michael Fuhr <[EMAIL PROTECTED]> wrote:

> On Thu, May 18, 2006 at 04:21:19AM -0700, Thusitha Kodikara wrote:
> > Are there any encryption functions that can be used in
> > SQL inserts and selects directly? For example like
> > "select encryptin_function('test_to_be_encrypted'), ........"
>
> See the contrib/pgcrypto module. It has functions like digest()
> for making SHA1, MD5, and other digests; hmac() for making Hashed
> Message Authentication Codes; and encrypt()/encrypt_iv() and
> decrypt()/decrypt_iv() for doing encryption and decryption. Since
> 8.1 pgcrypto also has functions for doing OpenPGP symmetric and
> public-key encryption.

If your requirements are simpler check out the genpass module. It is a
DES3 encrypted type. You can do things like "SELECT * FROM table WHERE
passw = 'hello'" and it will find passwords that are entered as 'hello'
even though they are stored encrypted. Example:

darcy=# select 'hello'::chkpass;
chkpass
----------------
:v1L3NdWy0OHlQ
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'hello';
?column?
----------
t
(1 row)

darcy=# select ':v1L3NdWy0OHlQ'::chkpass = 'nothello';
?column?
----------
f
(1 row)

Note that the leading colon says that the string is already encrypted.
This allows dump and restore to work correctly.

--
D'Arcy J.M. Cain | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq