On Tue, May 26, 2020 at 12:21 PM Marc Munro <marc@xxxxxxxxxxxx> wrote:
On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote:
> On 5/26/20 12:01 PM, Marc Munro wrote:
> > I need to be able to cryptographically sign objects in my database
> > using a public key scheme.
> > [ . . . ]
> > Any other options? Am I missing something?
>
> https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7
I looked at that but I must be missing something. In order to usefully
sign something, the private, secret, key must be used to encrypt a
disgest of the thing being signed (something of a simplification, but
that's the gist). This can then be verified, by anyone, using the
public key.
But the pgcrypto functions, for good reasons, do not allow the private
(secret) key to be used in this way. Encryption and signing algorithms
are necessarily different as the secret key must be protected; and we
don't want signatures to be huge, and it seems that pgcrypto has not
implemented signing algorithms.
What am I missing?
__
Marc