o Tom stuck a CVS id into file. I doubt the usefulness of it,
but if it needs to be in the file then rather at the end.
Also tag it as comment for asciidoc.
o Mention bytea vs. text difference
o Couple clarifications
Index: pgsql/contrib/pgcrypto/README.pgcrypto
===================================================================
*** pgsql.orig/contrib/pgcrypto/README.pgcrypto
--- pgsql/contrib/pgcrypto/README.pgcrypto
***************
*** 1,4 ****
- $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18
17:17:12 tgl Exp $
pgcrypto - cryptographic functions for PostgreSQL
=================================================
--- 1,3 ----
*************** cracking. Or may not.
*** 278,284 ****
-------------------
The functions here implement the encryption part of OpenPGP (RFC2440)
! standard.
5.1. Overview
--- 277,283 ----
-------------------
The functions here implement the encryption part of OpenPGP (RFC2440)
! standard. Supported are both symmetric-key and public-key encryption.
5.1. Overview
*************** Options are described in section 5.7.
*** 334,339 ****
--- 333,342 ----
Decrypt a symmetric-key encrypted PGP message.
+ Decrypting bytea data with `pgp_sym_decrypt` is disallowed.
+ This is to avoid outputting invalid character data. Decrypting
+ originally textual data with `pgp_sym_decrypt_bytea` is fine.
+
Options are described in section 5.7.
*************** key is password-protected, you must give
*** 362,367 ****
--- 365,374 ----
there is no password, but you want to specify option for function, you
need to give empty password.
+ Decrypting bytea data with `pgp_pub_decrypt` is disallowed.
+ This is to avoid outputting invalid character data. Decrypting
+ originally textual data with `pgp_pub_decrypt_bytea` is fine.
+
Options are described in section 5.7.
*************** cipher-algo::
*** 422,428 ****
Default: aes128
Applies: pgp_sym_encrypt, pgp_pub_encrypt
-
compress-algo::
Which compression algorithm to use. Needs building with zlib.
--- 429,434 ----
*************** s2k-cipher-algo::
*** 492,498 ****
Which cipher to use for encrypting separate session key.
Values: bf, aes, aes128, aes192, aes256
! Default: same as cipher-algo.
Applies: pgp_sym_encrypt
unicode-mode::
--- 498,504 ----
Which cipher to use for encrypting separate session key.
Values: bf, aes, aes128, aes192, aes256
! Default: use cipher-algo.
Applies: pgp_sym_encrypt
unicode-mode::
*************** Generate a new key:
*** 513,519 ****
gpg --gen-key
! You need to pick "DSA and Elgamal" key type, others are sign-only.
List keys:
--- 519,528 ----
gpg --gen-key
! The preferred key type is "DSA and Elgamal".
!
! For RSA encryption you must create either DSA or RSA sign-only key
! as master and then add RSA encryption subkey with `gpg --edit-key`.
List keys:
*************** You need to use `dearmor()` on them befo
*** 531,536 ****
--- 540,548 ----
pgp_pub_* functions. Or if you can handle binary data, you can drop
"-a" from gpg.
+ For more details see `man gpg`, http://www.gnupg.org/gph/en/manual.html[
+ The GNU Privacy Handbook] and other docs on http://www.gnupg.org[] site.
+
5.10. Limitations of PGP code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*************** pgp_pub_* functions. Or if you can hand
*** 538,546 ****
- No support for signing. That also means that it is not checked
whether the encryption subkey belongs to master key.
! - No support for RSA keys. Only Elgamal encryption keys are supported
! - No support for several encryption subkeys.
6. Raw encryption
--- 550,562 ----
- No support for signing. That also means that it is not checked
whether the encryption subkey belongs to master key.
! - No support for encryption key as master key. As such practice
! is generally discouraged, it should not be a problem.
! - No support for several subkeys. This may seem like a problem, as this
! is common practice. On the other hand, you should not use your regular
! GPG/PGP keys with pgcrypto, but create new ones, as the usage scenario
! is rather different.
6. Raw encryption
*************** I have used code from following sources:
*** 631,636 ****
--- 647,655 ----
9.1. Useful reading
~~~~~~~~~~~~~~~~~~~~~
+ http://www.gnupg.org/gph/en/manual.html[]::
+ The GNU Privacy Handbook
+
http://www.openwall.com/crypt/[]::
Describes the crypt-blowfish algorithm.
*************** http://jlcooke.ca/random/[]::
*** 673,675 ****
--- 692,698 ----
http://www.cs.ut.ee/~helger/crypto/[]::
Collection of cryptology pointers.
+
+
+ // $PostgreSQL: pgsql/contrib/pgcrypto/README.pgcrypto,v 1.12 2005/07/18
17:17:12 tgl Exp $
+
--
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
