From: | Marko Tiikkaja <marko(at)joh(dot)to> |
---|---|
To: | Joel Jacobson <joel(at)trustly(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Thomas Munro <munro(at)ip9(dot)org> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pgcrypto: PGP signatures |
Date: | 2014-09-05 11:38:43 |
Message-ID: | 5409A0C3.70300@joh.to |
Lists: | pgsql-hackers |
Hi all,
I've updated the patch with a number of changes:
1) I've documented the current limitations of signatures.
2) I've expanded section F.25.3 to add information about signatures (though I'm not sure why this part is in the user-facing documentation in the first place).
3) I've changed the code to use ntohl() and pg_time_t as per Thomas' comments.
4) I've changed the code to consistently use "while (1)" instead of "for (;;)" (except for the math library, but I didn't touch that at all).
I've also changed the behaviour when passing a message with a signature to the decrypt functions which don't verify signatures. They now report "ERROR: Wrong key or corrupt data" instead of decrypting and silently ignoring the signature. The behaviour is now backwards compatible, but I see two ways we could possibly improve this:
1) Produce a better error message (I'm sure most people don't know about the hidden debug=1 setting).
2) Provide an option to ignore the signature if decrypting the data is desirable even if the signature can't be verified.
Any thoughts, comments appreciated.
.marko
Attachment | Content-Type | Size |
---|---|---|
pgcrypto_sigs.v3.patch | text/plain | 151.1 KB |