database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00
Code Activity

pgcrypto: support changing S2K iteration count

Browse Source 
pgcrypto already supports key-stretching during symmetric encryption,
including the salted-and-iterated method; but the number of iterations
was not configurable.  This commit implements a new s2k-count parameter
to pgp_sym_encrypt() which permits selecting a larger number of
iterations.

Author: Jeff Janes
This commit is contained in:
Alvaro Herrera
2016-03-09 14:31:07 -03:00
parent b6fb6471f6
commit 188f359d39
9 changed files with 98 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
contrib/pgcrypto/expected/pgp-encrypt.out
View File

@ -103,6 +103,25 @@ select pgp_sym_decrypt(
Secret.
(1 row)
-- s2k count change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),
'key', 'expect-s2k-count=1024');
pgp_sym_decrypt
-----------------
Secret.
(1 row)
-- s2k_count rounds up
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),
'key', 'expect-s2k-count=65000000');
NOTICE: pgp_decrypt: unexpected s2k_count: expected 65000000 got 65011712
pgp_sym_decrypt
-----------------
Secret.
(1 row)
-- s2k digest change
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),