Marc Munro wrote: > On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote: > > On 5/26/20 12:01 PM, Marc Munro wrote: > > > I need to be able to cryptographically sign objects in my database > > > using a public key scheme. > > > [ . . . ] > > > Any other options? Am I missing something? > > > > https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7 > > I looked at that but I must be missing something. In order to usefully > sign something, the private, secret, key must be used to encrypt a > disgest of the thing being signed (something of a simplification, but > that's the gist). This can then be verified, by anyone, using the > public key. > > But the pgcrypto functions, for good reasons, do not allow the private > (secret) key to be used in this way. Encryption and signing algorithms > are necessarily different as the secret key must be protected; and we > don't want signatures to be huge, and it seems that pgcrypto has not > implemented signing algorithms. > > What am I missing? > > __ > Marc That page linked to above says: F.25.3.10. Limitations of PGP Code No support for signing.
