頻道欄目
首頁 > 資訊 > 加密解密 > 正文

固若金湯 - PostgreSQL pgcrypto加密插件

16-07-29        來源:[db:作者]  
收藏   我要投稿
背景

默認情況下數據都是以明文存儲在數據庫中的。

如果未使用數據傳輸層加密手段的話, 數據一旦在傳輸中被截獲的話就很容易泄漏數據。

本文將要介紹的是數據內容的加密。

數據內容的加密可以在數據庫服務端進行加解密, 也可以在客戶端進行加解密.

在數據庫服務端加解密的話, 網絡上傳輸的還是未加密的內容, 所以為了防御網絡數據截獲, 建議還是要搭配使用數據傳輸加密.

如果是在客戶端進行加解密的話, 網絡上傳輸的是加密后的內容, 所以不必擔心網絡數據截獲的問題.

下面以pgcrypto這個擴展包為例, 講一下數據庫服務端加密.

PostgreSQL 加密插件pgcrypto的用法

阿里云正在將這個插件整合到正在公測的ApsaraDB for Greenplum數據庫,如果你在RDS PG中使用了這個插件,恭喜你,可以平移到Greenplum了。

數據倉庫是企業數據的集散地,數據安全不容忽視,特別是云上的用戶更是如此。

https://www.aliyun.com/product/gpdb?spm=5176.7960203.237031.39.3aCwlI

創建pgcrypto擴展包
pg92@db-172-16-3-40-> psql -h 172.16.3.33 -p 1999 -U postgres digoalpsql (9.2beta1, server 9.3devel)WARNING: psql version 9.2, server version 9.3.         Some psql features might not work.SSL connection (cipher: RC4-SHA, bits: 128)Type "help" for help.digoal=# create extension pgcrypto;CREATE EXTENSION

pgcrypto包含了一些加密和解密的函數.
詳見PostgreSQL手冊.

下面主要針對新增的加解密函數進行講解.

計算hash值的函數
digest(data text, type text) returns byteadigest(data bytea, type text) returns bytea

type為算法.支持 md5, sha1, sha224, sha256, sha384, sha512. 如果編譯postgresql時時有了with-openssl選項, 則可以支持更多的算法.

例如 :

digoal=# select digest('I am digoal.', 'md5');               digest               ------------------------------------ \xc3b0fb1147858d2259d92f20668fc8f9(1 row)

每次運算得到的hash值都一樣.

digoal=# select digest('I am digoal.', 'md5');               digest               ------------------------------------ \xc3b0fb1147858d2259d92f20668fc8f9(1 row)

但是請注意函數參數, 如果要對bytea hash, 那么請在輸入參數時指定參數類型bytea.

例如以下兩次調用分別調用了2個函數. 所以得到的結果也是不一樣的.

digoal=# select digest('\xffffff'::bytea, 'md5');               digest               ------------------------------------ \x8597d4e7e65352a302b63e07bc01a7da(1 row)digoal=# select digest('\xffffff', 'md5');               digest               ------------------------------------ \xd721f40e22920e0fd8ac7b13587aa92d(1 row)
hmac(data text, key text, type text) returns byteahmac(data bytea, key text, type text) returns bytea

這兩個函數與digest類似, 只是多了一個key參數, 也就是說同一個被加密的值, 可以使用不同的key得到不同的hash值.

這樣的做法是, 不知道key的話, 也無法逆向破解原始值.

使用hmac還有一個好處是, 使用digest如果原始值和hash值同時被別人修改了是無法知道是否被修改的.

但是使用hmac, 如果原始值被修改了, 同時key沒有泄漏的話, 那么hash值是無法被修改的, 因此就能夠知道原始值是否被修改過.

digoal=# select hmac('I am digoal.', 'this is a key', 'md5');                hmac                ------------------------------------ \xc70d0fd2af2382ea8e0a7ffd9edcbd58(1 row)digoal=# select hmac('I am digoal.', 'this is a key', 'md5');                hmac                ------------------------------------ \xc70d0fd2af2382ea8e0a7ffd9edcbd58(1 row)digoal=# select hmac('I am digoal.', 'this is b key', 'md5');                hmac                ------------------------------------ \x4518090fb07fc672b66c829e43fd62dc(1 row)digoal=# select hmac('I am digoal.', 'this is b key', 'md5');                hmac                ------------------------------------ \x4518090fb07fc672b66c829e43fd62dc(1 row)

如果key的長度超過了block size, 那么key會先hash一次, 然后hash值作為key.

以上hash函數只要原始值一致, 每次得到的hash值是一樣的, 雖然hmac多了key的參數, 但是只要key和原始數據一樣, 得到的hash值也是一樣的. 這樣的加密很可能被逆向破解掉.

如何加大破解難度

下面的2個函數主要是提高了逆向破解的難度, 增強了數據的安全性.

crypt(password text, salt text) returns textgen_salt(type text [, iter_count integer ]) returns text

crypt(), 用來計算hash值.

gen_salt(), 用來產生隨機的參數給crypt. type參數為des, xdes, md5, bf. iter_count指迭代次數, 數字越大加密時間越長, 被破解需要的時間也越長.

Table F-16. Iteration Counts for crypt()

Algorithm Default Min Max xdes 725 1 16777215 bf 6 4 31

xdes的iter_count必須為奇數.

crypt和gen_salt結合使用的話, 同一個原始值, 每次得到的hash值是不一樣的.

digoal=# select crypt('this is a pwd source', gen_salt('md5'));               crypt                ------------------------------------ $1$CAp4ifAa$p261Vfku7HDnwx8cuFhsq/(1 row)digoal=# select crypt('this is a pwd source', gen_salt('bf',10));                            crypt                             -------------------------------------------------------------- $2a$10$tvNK2H9mPu1tU5L6oAHdSeze5Hlz7G0y4oEKNg9SlGa06J2sywZHu(1 row)

 

# 每次運算可以得到不同的hash值.

digoal=# select crypt('this is a pwd source', gen_salt('md5'));               crypt                ------------------------------------ $1$p2Sg93iZ$SCdUePtZVuyIJBDO1cEYh1(1 row)digoal=# select crypt('this is a pwd source', gen_salt('bf',10));                            crypt                             -------------------------------------------------------------- $2a$10$cgJiTAs55vMBqYR1kGMGXuMKZI4dsayna4wgEL4K7duYkD0g25ufW(1 row)

原因是gen_salt每次都會給出1個隨機值.

digoal=# select gen_salt('bf',10);           gen_salt            ------------------------------- $2a$10$qY0amXGalzj14rooSpTf5e(1 row)digoal=# select gen_salt('bf',10);           gen_salt            ------------------------------- $2a$10$TmqxqmOd8R3scnPk25Pp2O(1 row)

計算好hash后匹配是怎么做的呢?

看下面, hash值作為第二個參數, 得到的值就是hash值. 所以這樣就可以進行匹配了.

digoal=# select crypt('this is a pwd source', gen_salt('bf',10));                            crypt                             -------------------------------------------------------------- $2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK(1 row)digoal=# select crypt('this is a pwd source', gen_salt('bf',10));                            crypt                             -------------------------------------------------------------- $2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG(1 row)digoal=# select crypt('this is a pwd source', '$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG');                            crypt                             -------------------------------------------------------------- $2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG(1 row)digoal=# select crypt('this is a pwd source', '$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK');                            crypt                             -------------------------------------------------------------- $2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK(1 row)

假設用它來存密碼 :

digoal=# create table userpwd(userid int8 primary key, pwd text);CREATE TABLEdigoal=# insert into userpwd (userid,pwd) values (1, crypt('this is a pwd source', gen_salt('bf',10)));INSERT 0 1

輸入錯誤的密碼, 返回假

digoal=# select crypt('this is a error pwd source', pwd)=pwd from userpwd where userid =1; ?column? ---------- f(1 row)

輸入正確的密碼, 返回真

digoal=# select crypt('this is a pwd source', pwd)=pwd from userpwd where userid =1; ?column? ---------- t(1 row)

crypt支持的算法如下 :

Table F-15. Supported Algorithms for crypt()

Algorithm Max Password Length Adaptive? Salt Bits Description bf 72 yes 128 Blowfish-based, variant 2a md5 unlimited no 48 MD5-based crypt xdes 8 yes 24 Extended DES des 8 no 12 Original UNIX crypt

當然, crypt和gen_salt是以犧牲hash速度為代價來換取安全性的.

Algorithm Hashes/sec For [a-z] For [A-Za-z0-9] crypt-bf/8 28 246 years 251322 years crypt-bf/7 57 121 years 123457 years crypt-bf/6 112 62 years 62831 years crypt-bf/5 211 33 years 33351 years crypt-md5 2681 2.6 years 2625 years crypt-des 362837 7 days 19 years sha1 590223 4 days 12 years md5 2345086 1 day 3 years

以上hash計算速度取自1.5G的奔騰4 CPU. 以及如下測試軟件 :

crypt-des and crypt-md5 algorithm numbers are taken from John the Ripper v1.6.38 -test output.md5 numbers are from mdcrack 1.2.sha1 numbers are from lcrack-20031130-beta.crypt-bf numbers are taken using a simple program that loops over 1000 8-character passwords. That way I can show the speed with different numbers of iterations. For reference: john -test shows 213 loops/sec for crypt-bf/5. (The very small difference in results is in accordance with the fact that the crypt-bf implementation in pgcrypto is the same one used in John the Ripper.)

 

原則上, iter_count的選擇以hash計算速度為準則, 以當前流行的CPU, 并且實測后取4-100每秒之間為宜.

PGP 加密函數

PostgreSQL pgcrypto擴展包中的pgp加解密函數遵循OpenPGP (RFC 4880)標準.

加密的PGP消息由2部分組成 :

這個消息的會話密鑰, 會話密鑰可以是對稱密鑰或公鑰. 使用該會話密鑰加密的數據, 可以選擇加密選項例如
compress-algo, unicode-mode, cipher-algo, compress-level, convert-crlf, disable-mdc, enable-session-key, s2k-mode, s2k-digest-algo, s2k-cipher-algo

使用對稱密鑰加解密的函數如下 :

pgp_sym_encrypt(data text, psw text [, options text ]) returns byteapgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns byteapgp_sym_decrypt(msg bytea, psw text [, options text ]) returns textpgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea

options參考pgcrypto加密選項部分.

PGP 對稱加密舉例

使用對稱密鑰加密, 這里的對稱密鑰為'pwd'字符串 :

digoal=# select pgp_sym_encrypt('i am digoal', 'pwd', 'cipher-algo=bf, compress-algo=2, compress-level=9');                                                                          pgp_sym_encrypt                                           -------------------------------------------------------------------------------------------------------------------------------------------------------------------- \xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706(1 row)

解密也需要使用加密時的對稱密鑰 :

digoal=# select pgp_sym_decrypt('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706'::bytea, 'pwd'); pgp_sym_decrypt ----------------- i am digoal(1 row)
使用公鑰加解密的函數
pgp_pub_encrypt(data text, key bytea [, options text ]) returns byteapgp_pub_encrypt_bytea(data bytea, key bytea [, options text ]) returns byteapgp_pub_decrypt(msg bytea, key bytea [, psw text [, options text ]]) returns textpgp_pub_decrypt_bytea(msg bytea, key bytea [, psw text [, options text ]]) returns bytea

options參考pgcrypto加密選項部分.

公鑰加密舉例 :

首先要使用gpg生成一對公鑰和密鑰. 當然你也可以生成很多對.

加密用公鑰, 解密用對應的私鑰即可.

公鑰和私鑰都可以放在客戶端, 這樣的話數據庫中只存儲加密后的數據, 攻擊者獲取數據后也無法對它進行解密.

生成一對公鑰密鑰

pg92@db-172-16-3-40-> gpg --gen-keygpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.This program comes with ABSOLUTELY NO WARRANTY.This is free software, and you are welcome to redistribute itunder certain conditions. See the file COPYING for details.Please select what kind of key you want:   (1) DSA and Elgamal (default)   (2) DSA (sign only)   (5) RSA (sign only)Your selection? 1  #選擇1DSA keypair will have 1024 bits.ELG-E keys may be between 1024 and 4096 bits long.What keysize do you want? (2048) #選擇2048Requested keysize is 2048 bitsPlease specify how long the key should be valid.         0 = key does not expire        = key expires in n days      w = key expires in n weeks      m = key expires in n months      y = key expires in n yearsKey is valid for? (0) #選擇0, 永不過期.Key does not expire at allIs this correct? (y/N) y #輸入yYou need a user ID to identify your key; the software constructs the user IDfrom the Real Name, Comment and Email Address in this form:    "Heinrich Heine (Der Dichter) "Real name: digoal  # 必須輸入的是name, 后面要用到這個name導出公鑰和密鑰.Email address: Comment: You selected this USER-ID:    "digoal"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O  # 輸入O確認You need a Passphrase to protect your secret key.# 這里可以選擇輸入保護密鑰的passphrase, 當然也可以不輸入留空. # 如果輸入了, 那么使用pgp_pub_decrypt函數解密數據時則需要輸入這個 passphrase.# 本例不輸入passphrase.You don't want a passphrase - this is probably a *bad* idea!I will do it anyway.  You can change your passphrase at any time,using this program with the option "--edit-key".# 馬上在另一個會話中執行ll -R /. 這樣可以讓服務器產生一些動作. 否則可能造成如下錯誤 : # Not enough random bytes available.  Please do some other work to giveWe need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.+++++++++++++++.++++++++++.++++++++++..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.+++++.+++++.++++++++++++++++++++>.++++++++++....>+++++............<+++++............+++++We need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.++++++++++++++++++++.+++++..+++++...+++++.+++++.++++++++++.++++++++++++++++++++..+++++.+++++.++++++++++..+++++++++++++++++++++++++.+++++++++++++++.++++++++++.+++++>.+++++.+++++>+++++.>+++++>+++++<+++++....+++++^^^gpg: key 634F912F marked as ultimately trustedpublic and secret key created and signed.gpg: checking the trustdbgpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1upub   1024D/634F912F 2013-05-25      Key fingerprint = D2CD D9B8 F1C3 D940 33E9  9E94 DA32 0B23 634F 912Fuid                  digoalsub   2048g/D670D845 2013-05-25

 

# 接下來要生成公鑰和密鑰

# 列出當前系統中的鑰匙串

pg92@db-172-16-3-40-> gpg --list-secret-keys/home/pg92/.gnupg/secring.gpg-----------------------------sec   1024D/634F912F 2013-05-25uid                  digoalssb   2048g/D670D845 2013-05-25

# 導出uid=digoal的公鑰

pg92@db-172-16-3-40-> gpg -a --export digoal > public.key

# 導出uid=digoal的密鑰

pg92@db-172-16-3-40-> gpg -a --export-secret-keys digoal > secret.key

# 查看公鑰和密鑰內容
公鑰內容 :

pg92@db-172-16-3-40-> cat public.key -----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v1.4.5 (GNU/Linux)mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9YRFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2ktUVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZLDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8PA4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSFIBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAEExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+RL6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZA7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiWvqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJvu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXRskehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjI+V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0ROkzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gHWDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlR5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaP2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2ISQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBkgRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4==XGEV-----END PGP PUBLIC KEY BLOCK-----

私鑰內容 :

pg92@db-172-16-3-40-> cat secret.key -----BEGIN PGP PRIVATE KEY BLOCK-----Version: GnuPG v1.4.5 (GNU/Linux)lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9YRFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2ktUVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZLDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8PA4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSFIBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvYTK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OLhVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz89g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfwf4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdHsAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZ4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfY6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOKAeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbhXNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6ZBTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jILI2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZuNOxi=FwrW-----END PGP PRIVATE KEY BLOCK-----

# 使用公鑰加密數據, 使用私鑰解密數據時,

# pgcrypto 需要字節流數據.

# 所以在使用公鑰和私鑰前請先把他們轉換為bytea.

轉換公鑰為bytea :

digoal=# select dearmor('-----BEGIN PGP PUBLIC KEY BLOCK-----digoal'# Version: GnuPG v1.4.5 (GNU/Linux)digoal'# digoal'# mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Ydigoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2ktdigoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZdigoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8Pdigoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSFdigoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAEdigoal'# ExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+Rdigoal'# L6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5digoal'# Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZAdigoal'# 7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiWdigoal'# vqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJdigoal'# vu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXRdigoal'# skehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjIdigoal'# +V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0ROdigoal'# kzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7digoal'# mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gHdigoal'# WDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlRdigoal'# 5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaPdigoal'# 2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2Idigoal'# SQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBkdigoal'# gRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4=digoal'# =XGEVdigoal'# -----END PGP PUBLIC KEY BLOCK-----');

 

得到

\x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc5ff86c79fbda87b4cee

轉換私鑰為bytea :

digoal=# select dearmor('-----BEGIN PGP PRIVATE KEY BLOCK-----digoal'# Version: GnuPG v1.4.5 (GNU/Linux)digoal'# digoal'# lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Ydigoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2ktdigoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZdigoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8Pdigoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSFdigoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3digoal'# xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQVdigoal'# AggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvYdigoal'# TK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3digoal'# AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8digoal'# n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OLdigoal'# hVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz8digoal'# 9g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfwdigoal'# f4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdHdigoal'# sAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZdigoal'# 4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfYdigoal'# 6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOKdigoal'# AeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbhdigoal'# XNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045digoal'# xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6Zdigoal'# BTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jILdigoal'# I2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZudigoal'# NOxidigoal'# =FwrWdigoal'# -----END PGP PRIVATE KEY BLOCK-----');

得到 :

\x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb7388813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e3327bbc79bb241cda292656d81f66e34ec62

 

使用公鑰加密字符串'i am digoal' :

digoal=# select pgp_pub_encrypt('i am digoal', '\x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc5ff86c79fbda87b4cee');

加密后的數據 :

\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4

使用私鑰解密這串bytea.

digoal=# select pgp_pub_decrypt('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4','\x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb7388813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e3327bbc79bb241cda292656d81f66e34ec62'); pgp_pub_decrypt ----------------- i am digoal(1 row)

 

使用pgp_key_id可以在加密后的數據中取出這分數據是通過對稱密鑰還是公鑰加密的.

pgp_key_id(bytea) returns text

例如 :

digoal=# select pgp_key_id('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706'); pgp_key_id ------------ SYMKEY(1 row)digoal=# select pgp_key_id('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4');    pgp_key_id    ------------------ 1B437BCCD670D845(1 row)
bytea和ASCII-armor格式轉換

使用以下函數可以將加密后的數據bytea, 轉換成PGP ASCII-armor格式.
或者反向轉換.

armor(data bytea) returns textdearmor(data text) returns bytea
用于產生隨機的加密數據bytea的函數
gen_random_bytes(count integer) returns bytea
相關TAG標簽
上一篇:臺積電:絕大多數7nm客戶都會轉向6nm_IT新聞_博客園
下一篇:最后一頁
相關文章
圖文推薦

關于我們 | 聯系我們 | 廣告服務 | 投資合作 | 版權申明 | 在線幫助 | 網站地圖 | 作品發布 | Vip技術培訓 | 舉報中心

版權所有: 紅黑聯盟--致力于做實用的IT技術學習網站

美女MM131爽爽爽毛片