
Postgresql Encryption

I'm learning how to encrypt columns in PostgreSQL and this is my code, but I am getting an error when I try to insert values into the table. Also, I would like to make the function encrypt the data after insert. I don't know the reason why this error is coming up. If you guys could help me, I will really appreciate it. It's for a school project that I'm putting together.

-- dummy table
CREATE TABLE public.users
(
    id_num smallint NOT NULL,
    username Varchar (50)  NOT NULL,
    password Varchar (50)  ,
    test1 Varchar (50)  ,
    test2 Varchar (50)   ,
    test3 Varchar (50)  ,
    CONSTRAINT users_pkey PRIMARY KEY (id_num)
);

---encryption function 
--postgresql trigger function
CREATE FUNCTION encrypt_solution_testing_function2() 
RETURNS TRIGGER AS
$func$
DECLARE
BEGIN
new.username := PGP_SYM_ENCRYPT(new.username, 'sha1') ;
new.password := PGP_SYM_ENCRYPT(new.password , 'sha1');
new.test1 := PGP_SYM_ENCRYPT(new.test1  , 'sha1')  ;
new.test2:= PGP_SYM_ENCRYPT(new.test2  , 'sha1')  ;
new.test3 := PGP_SYM_ENCRYPT(new.test3 , 'sha1') ;
RETURN NEW;
END
$func$ LANGUAGE plpgsql;  

--before insert trigger but would like to make it, after insert

CREATE TRIGGER encrypt_audit_log_testing2 
BEFORE INSERT ON public.users 
FOR EACH ROW EXECUTE PROCEDURE  encrypt_solution_testing_function2();

error message:

ERROR:  value too long for type character varying(50)
CONTEXT:  PL/pgSQL function encrypt_solution_testing_function2() line 5 at assignment
SQL state: 22001

The result of the pgp_sym_encrypt function is not a string, but a binary string (bytea). So if you store the result in a string column, it will be cast to varchar on assignment.

Now the encrypted string can be longer than the clear text, and its string representation is more than double that size:

SELECT octet_length(pgp_sym_encrypt('some string', 'sha1'));

 octet_length 
══════════════
           77
(1 row)

SELECT pgp_sym_encrypt('some string', 'sha1');

                                                                       pgp_sym_encrypt                                                                        
══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
 \xc30d040703020df0c213a136973962d23c014bb8a3d8e55a31ad3b64e5a389a2ae5212be75ccc570881f5d191e3f3528f0f98058bde3e30921b87a385b1ce56240e6bad20410eef10ac5a68511
(1 row)

So you should not use varchar(50), but bytea to store the encrypted data.

Also note that the second argument to pgp_sym_encrypt is not a hashing algorithm, but a password:

SELECT pgp_sym_decrypt('\xc30d040703020df0c213a136973962d23c014bb8a3d8e55a31ad3b64e5a389a2ae5212be75ccc570881f5d191e3f3528f0f98058bde3e30921b87a385b1ce56240e6bad20410eef10ac5a68511'::bytea, 'sha1');

 pgp_sym_decrypt 
═════════════════
 some string
(1 row)

Everybody who knows that password can decrypt the data.
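The fix described in the answer, as an added example that is not part of the original question or answer: the encrypted columns are declared bytea and the passphrase is read from a session setting rather than written into the function. The table name users_enc, the function and trigger names, the setting name app.enc_key and the sample passphrase are hypothetical.

```sql
-- Added example, not from the original post. Table name users_enc and the
-- setting name app.enc_key are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE public.users_enc
(
    id_num   smallint NOT NULL,
    username bytea    NOT NULL,   -- bytea: no varchar(50) limit to overflow
    test1    bytea,
    CONSTRAINT users_enc_pkey PRIMARY KEY (id_num)
);

CREATE FUNCTION encrypt_users_enc()
RETURNS trigger AS
$func$
DECLARE
    -- Passphrase is read from a session setting instead of being a literal
    -- in the function source.
    k text := current_setting('app.enc_key');
BEGIN
    -- The columns are bytea, so the incoming plaintext arrives as bytes;
    -- convert it to text for pgp_sym_encrypt, which returns bytea.
    NEW.username := pgp_sym_encrypt(convert_from(NEW.username, 'UTF8'), k);
    NEW.test1    := pgp_sym_encrypt(convert_from(NEW.test1, 'UTF8'), k);
    RETURN NEW;
END
$func$ LANGUAGE plpgsql;

-- Must stay BEFORE INSERT: the return value of a row-level AFTER trigger is
-- ignored, so changes to NEW made there never reach the table.
CREATE TRIGGER encrypt_users_enc_trg
BEFORE INSERT ON public.users_enc
FOR EACH ROW EXECUTE PROCEDURE encrypt_users_enc();

SET app.enc_key = 'constructed-sample-passphrase';

INSERT INTO public.users_enc (id_num, username, test1)
VALUES (1, convert_to('alice', 'UTF8'), convert_to('some string', 'UTF8'));

-- Stored size is the ciphertext size; decryption needs the same passphrase.
SELECT id_num,
       octet_length(username)                                    AS stored_bytes,
       pgp_sym_decrypt(username, current_setting('app.enc_key')) AS username,
       pgp_sym_decrypt(test1, current_setting('app.enc_key'))    AS test1
FROM public.users_enc;
```

The passphrase still reaches the server inside the SET statement, so it can appear in statement logs when those are enabled.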
