作者
digoal
日期
2018-02-26
标签
PostgreSQL , 对称加密 , 非对称加密 , Symmetric , ASymmetric , public , private , pgcrypto , 区块链
背景
对称加密方法,指加密和解密使用同一把密钥的方法。优势是加密速度快,缺陷是密钥只有一把,安全性较低。
非对称加密方法,指加密和解密用到一对钥匙,一把为私钥,一把为公钥。通常的用法是公钥用于加密,私钥用于解密。优势是更加安全,你自己只要保护好私钥,就可以保证别人给你发的数据无法被篡改、窃听。缺陷是加解密效率比对称加密更差一些。
混合加密,指发送大量加密数据前,首先使用非对称加密,将对称加密的密钥加密发送给对端,然后双方使用对称加密通讯。时长更改对称加密的密钥来保证安全。
PostgreSQL pgcrypto插件,同时支持对称和非对称加密,详细用法参考:
https://www.postgresql.org/docs/devel/static/pgcrypto.html
用法介绍
一、对称加密
加密和解密使用同一把钥匙。
1、加密
postgres=# \x
Expanded display is on.
postgres=# select pgp_sym_encrypt('需要加密的文字,你好呀,我是digoal.', 'this is password', 'cipher-algo=aes256, compress-algo=2');
-[ RECORD 1 ]---+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
pgp_sym_encrypt | \xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369
2、解密
postgres=# select pgp_sym_decrypt('\xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369', 'this is password');
-[ RECORD 1 ]---+------------------------------------
pgp_sym_decrypt | 需要加密的文字,你好呀,我是digoal.
二、非对称加密
由于非对称加解密使用的是一对公钥和密钥,首先需要生成一对公钥和密钥。
使用gpg --gen-key 可以生成。
以Linux系统为例。
安装、启动rng-tools
为了快速生成随机数,需要安装rng-tools。(产生公钥与密钥时,需要一些随机数)
yum install -y rng-tools
启动rngd,生成随机数
```
rngd
read error
hwrng: no available rng
Unable to open file: /dev/tpm0
```
```
ps -ewf|grep rngd
root 14762 1 0 14:52 ? 00:00:00 rngd
root 14767 12394 0 14:52 pts/4 00:00:00 grep --color=auto rngd
```
生成一对公钥和密钥
1、
```
gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
```
2、输入KEY类别,选择2
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 2
3、选择KEY的长度
DSA keys may be between 1024 and 3072 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
4、输入KEY的有效时间,这里输入的是10年
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 10y
Key expires at Thu 24 Feb 2028 02:52:09 PM CST
5、是否正确
Is this correct? (y/N) y
6、输入KEY的标识
```
GnuPG needs to construct a user ID to identify your key.
Real name: digoal
Email address: digoal@126.com
Comment: test
You selected this USER-ID:
"digoal (test) digoal@126.com"
```
7、确认
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
8、输入私有密钥的保护密码
```
You need a Passphrase to protect your secret key.
假设这里输入了 hello123
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Enter passphrase x
x x
x x
x Passphrase **________ x
x x
x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please re-enter this passphrase x
x x
x Passphrase **________ x
x x
x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
```
生成好后,也能设置密码
```
gpg --passwd "digoal (test) digoal@126.com"
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please enter the passphrase to unlock the secret key for the OpenPGP certificate: x
x "digoal (test) digoal@126.com" x
x 2048-bit DSA key, ID 42CF57DB, x
x created 2018-02-26. x
x x
x x
x Passphrase ***______________ x
x x
x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
Enter the new passphrase for this secret key.
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Enter passphrase x
x x
x x
x Passphrase **________ x
x x
x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please re-enter this passphrase x
x x
x Passphrase **________ x
x x
x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
```
9、生成密钥过程中,需要机器有一定的随机输入,所以我们前面启动了rngd
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
10、生成的KEY如下
```
gpg: key 42CF57DB marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2028-02-24
pub 2048D/42CF57DB 2018-02-26 [expires: 2028-02-24]
Key fingerprint = FED6 CF47 6BC2 AB7B 77C6 B04E FBA0 E671 42CF 57DB
uid digoal (test) digoal@126.com
sub 2048g/377B0F3E 2018-02-26 [expires: 2028-02-24]
```
11、列出当前已有的KEY
```
gpg -k
/root/.gnupg/pubring.gpg
pub 2048D/42CF57DB 2018-02-26 [expires: 2028-02-24]
uid digoal (test) digoal@126.com
sub 2048g/377B0F3E 2018-02-26 [expires: 2028-02-24]
```
不要创建多个同名的KEY,否则不好管理。
12、导出公钥
```
gpg --armor --export "digoal (test) digoal@126.com"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQMuBFqTsO8RCAD9e+4fHMVbMGC2ZZuAF4I9ieIDaq26bRk+iWdBfpRod9ZlXZ5j
eLewcM90AOrl4mDYVw63hGrC7fW+M7nKXZQrEccib0Eck4N/RP2PsP37Tp1Idm3k
LlX2P+rS3DsQ0TP0MdeUaSBZLux593IbTSfV87RSq2EdUe8Yv2mlnlOX5dR+1mB8
dr7wO9Ev3fh5vIGPAXiVPm051hDX4Pzz68+YOwzhYxuGg+jG7HB7qMi+rFzht+FS
C/g98xFc4YRJttKnSFl5Pf2dDskABZq6zWPwGZR/H/k7LAimkGxEr/x+sORbHGpa
JBfiWOJu/bwEUl1YS5aliVNdv1yqW+5QjRQXAQDcS3MuYOY11OoUgBJMjn0nE+g+
SG8AWI1T7iMnp3qkmwf/Xo4k9O8MYZdMxQAaGgBV0elAEBfhJqPzAeoL4NuvfCMC
gzEKP9B0EF6Q4vf15S+IsQ+co0HLRAaC4P3bz3NBI7bgq4zIUtoS4ealnrm2lflD
GTAEo2C4fK6hEf9WZrnP/ItI06EPXSnDi2XNDGixdowpReiM6Gl5IJGl/VBOQKvP
EyB3Y/ktkPhUAdKOpv8coRYRjfqRiRxpIrbQX+IGM1J1Xm3OgLOGyv4e8IWxGhXv
Z3m5S2s6dsgWlxTwfFT157VsFKUtiR2RKHI7dObrD7nhG0X1TpmvDvF3UYHK/+B2
/ZH4cYj0qPdq+JcgnCnY+HYzp08u6o0h/T7iz5hVHQgAnL8pmacM9DteMmMm1ySo
4VZKRTH0+F46QwyCeZCZMD8FqqHsGL2/BLxcilACIP1tsMBFVoDELGdwMJe97teL
GTWeuMv5SKlY/4KVSfMfj2l3NchfvfvSxVZ0RJwpjDCXs6+D5Bq7+ObrEEgH2F0y
MKAoCY7V5HqFlZ56Vcy5LSR5bahk62Y7ciuA1W4x95Ei9+jfcKHwSJjdx6vvwu0/
GsR7LmxGSyZWNs74MNZDypY9MaXFvnoP+/uFN4e92qnouU18URSDvOeHWa+WZ7c8
Cch6BOF5mKXgknWoPGNW72RbjH1OlwrzxESWDvcAuaZAnL86QCoRT2BMNgcJ/Kwy
tbQeZGlnb2FsICh0ZXN0KSA8ZGlnb2FsQDEyNi5jb20+iIEEExEIACkFAlqTsO8C
GwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRD7oOZxQs9X2/Cj
AQC0w+DmZFarSR+mwVnCHFNaebKL/ZSGcWPYN91esBNRhgD/VWZFAKzBv+Nr00+U
uIJ34l4R/iKuzYLtX4L08EdS2vW5Ag0EWpOw7xAIAMouNO8cLRdK0ASEtPsuuFOW
XDUPYQuwoE628/OX07NScXZENuqN7u3espDdPerYlg56ta6VtjefSRwhmMHrktyF
SZlWOjlS9NQ63Wi1qNIVgtbTmNUWX6EshAhAqFBke4+r9VeNOHtpSc6q1D4HGRXP
DG7c5g/o/DkGXEfnfh9B7MulN7Y9pqhGjywJMTfRExBx2XSXiNX1hN679TFFcacq
sZxChWY0XDWAYOE/cyD5WGStn7Gp52KYey+ce4kyWYJjHgUdocDCT/y+d8/56eYK
YAPPyuC0vvNY5RkvakUHl2UpaO41WMg5KrYOk3iHNqBHe+4RLxPbiMS3BstUiFMA
AwUIAIKp8ZXIcaj4vY8U6QzS+FnpnGVXwX6xeQ5nHi+Ug6sedQjTkcoFzz133kCU
aUSkztWmiJEVG2N1NP+ljgtSqjVkdeAfCU9FElWD4xFVe5MWy5HdqIZbuTSvLmXQ
9LuAGP4J4UrNqFwO7yaLESABvv5JWU9bgZOSux/ac50CxRDpSTxumNatGgXNopzg
fcTiM78VP7ZXqer+RHj0aOtIIesjJ4h/xPOJll0EoslyCX+n5R4esyCu5WE68+o6
KocuJEuo99VzqLN6Ob+LOYXhYl3gIbOvzCv91FmZizFt4CM97sgkzLe1krEPdFoS
YsUemp1ySORK1TW21vG4Ky7CzrKIZwQYEQgADwUCWpOw7wIbDAUJEswDAAAKCRD7
oOZxQs9X2wp3AQCHPlPX7P3tY0IrSyFhiXy8kKhFcjoFGGWeTQVVTju1tAEAzoeJ
La2WktRLDl5jG1LixIzlzybYVvJvgAEEGx99YBk=
=y4aI
-----END PGP PUBLIC KEY BLOCK-----
```
13、导出密钥(注意保护好它,千万别泄露)
```
gpg --armor --export-secret-keys "digoal (test) digoal@126.com"
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
lQN5BFqTsO8RCAD9e+4fHMVbMGC2ZZuAF4I9ieIDaq26bRk+iWdBfpRod9ZlXZ5j
eLewcM90AOrl4mDYVw63hGrC7fW+M7nKXZQrEccib0Eck4N/RP2PsP37Tp1Idm3k
LlX2P+rS3DsQ0TP0MdeUaSBZLux593IbTSfV87RSq2EdUe8Yv2mlnlOX5dR+1mB8
dr7wO9Ev3fh5vIGPAXiVPm051hDX4Pzz68+YOwzhYxuGg+jG7HB7qMi+rFzht+FS
C/g98xFc4YRJttKnSFl5Pf2dDskABZq6zWPwGZR/H/k7LAimkGxEr/x+sORbHGpa
JBfiWOJu/bwEUl1YS5aliVNdv1yqW+5QjRQXAQDcS3MuYOY11OoUgBJMjn0nE+g+
SG8AWI1T7iMnp3qkmwf/Xo4k9O8MYZdMxQAaGgBV0elAEBfhJqPzAeoL4NuvfCMC
gzEKP9B0EF6Q4vf15S+IsQ+co0HLRAaC4P3bz3NBI7bgq4zIUtoS4ealnrm2lflD
GTAEo2C4fK6hEf9WZrnP/ItI06EPXSnDi2XNDGixdowpReiM6Gl5IJGl/VBOQKvP
EyB3Y/ktkPhUAdKOpv8coRYRjfqRiRxpIrbQX+IGM1J1Xm3OgLOGyv4e8IWxGhXv
Z3m5S2s6dsgWlxTwfFT157VsFKUtiR2RKHI7dObrD7nhG0X1TpmvDvF3UYHK/+B2
/ZH4cYj0qPdq+JcgnCnY+HYzp08u6o0h/T7iz5hVHQgAnL8pmacM9DteMmMm1ySo
4VZKRTH0+F46QwyCeZCZMD8FqqHsGL2/BLxcilACIP1tsMBFVoDELGdwMJe97teL
GTWeuMv5SKlY/4KVSfMfj2l3NchfvfvSxVZ0RJwpjDCXs6+D5Bq7+ObrEEgH2F0y
MKAoCY7V5HqFlZ56Vcy5LSR5bahk62Y7ciuA1W4x95Ei9+jfcKHwSJjdx6vvwu0/
GsR7LmxGSyZWNs74MNZDypY9MaXFvnoP+/uFN4e92qnouU18URSDvOeHWa+WZ7c8
Cch6BOF5mKXgknWoPGNW72RbjH1OlwrzxESWDvcAuaZAnL86QCoRT2BMNgcJ/Kwy
tf4DAwJwPKSQdSP6a95X3hYjdoH2F9uNuEGUzG2xNk/aXt1aIRuVkFYxZ9Y5qrJI
6h1bW2Onh+MlQXM06q/ZNmFiAPSLWJwv/MdyEbQeZGlnb2FsICh0ZXN0KSA8ZGln
b2FsQDEyNi5jb20+iIEEExEIACkFAlqTsO8CGwMFCRLMAwAHCwkIBwMCAQYVCAIJ
CgsEFgIDAQIeAQIXgAAKCRD7oOZxQs9X2/CjAQC0w+DmZFarSR+mwVnCHFNaebKL
/ZSGcWPYN91esBNRhgD/VWZFAKzBv+Nr00+UuIJ34l4R/iKuzYLtX4L08EdS2vWd
AmMEWpOw7xAIAMouNO8cLRdK0ASEtPsuuFOWXDUPYQuwoE628/OX07NScXZENuqN
7u3espDdPerYlg56ta6VtjefSRwhmMHrktyFSZlWOjlS9NQ63Wi1qNIVgtbTmNUW
X6EshAhAqFBke4+r9VeNOHtpSc6q1D4HGRXPDG7c5g/o/DkGXEfnfh9B7MulN7Y9
pqhGjywJMTfRExBx2XSXiNX1hN679TFFcacqsZxChWY0XDWAYOE/cyD5WGStn7Gp
52KYey+ce4kyWYJjHgUdocDCT/y+d8/56eYKYAPPyuC0vvNY5RkvakUHl2UpaO41
WMg5KrYOk3iHNqBHe+4RLxPbiMS3BstUiFMAAwUIAIKp8ZXIcaj4vY8U6QzS+Fnp
nGVXwX6xeQ5nHi+Ug6sedQjTkcoFzz133kCUaUSkztWmiJEVG2N1NP+ljgtSqjVk
deAfCU9FElWD4xFVe5MWy5HdqIZbuTSvLmXQ9LuAGP4J4UrNqFwO7yaLESABvv5J
WU9bgZOSux/ac50CxRDpSTxumNatGgXNopzgfcTiM78VP7ZXqer+RHj0aOtIIesj
J4h/xPOJll0EoslyCX+n5R4esyCu5WE68+o6KocuJEuo99VzqLN6Ob+LOYXhYl3g
IbOvzCv91FmZizFt4CM97sgkzLe1krEPdFoSYsUemp1ySORK1TW21vG4Ky7CzrL+
AwMCcDykkHUj+mvejez2A8jxO8ByPUWRSosrNkZpC9TCPLrs7TdG3gVxjpii01Sm
SK2+MS0E7k04PA+bHYy32Ddcc3oIjnR3Axv8IsZ5N/ykPe1e0IhnBBgRCAAPBQJa
k7DvAhsMBQkSzAMAAAoJEPug5nFCz1fbCncA/2RPU9KzKPF+u2x/VYCgAD7J11Wr
/6dcArUamZ9UkeGlAQCn3pfxtSfqwFTOv6iV1Lvbkd+UrJGhCYafYbdd09QEfw==
=vdx4
-----END PGP PRIVATE KEY BLOCK-----
```
将公钥和密钥转换为PostgreSQL bytea格式
1、公钥
```
postgres=# select dearmor('
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQMuBFqTsO8RCAD9e+4fHMVbMGC2ZZuAF4I9ieIDaq26bRk+iWdBfpRod9ZlXZ5j
eLewcM90AOrl4mDYVw63hGrC7fW+M7nKXZQrEccib0Eck4N/RP2PsP37Tp1Idm3k
LlX2P+rS3DsQ0TP0MdeUaSBZLux593IbTSfV87RSq2EdUe8Yv2mlnlOX5dR+1mB8
dr7wO9Ev3fh5vIGPAXiVPm051hDX4Pzz68+YOwzhYxuGg+jG7HB7qMi+rFzht+FS
C/g98xFc4YRJttKnSFl5Pf2dDskABZq6zWPwGZR/H/k7LAimkGxEr/x+sORbHGpa
JBfiWOJu/bwEUl1YS5aliVNdv1yqW+5QjRQXAQDcS3MuYOY11OoUgBJMjn0nE+g+
SG8AWI1T7iMnp3qkmwf/Xo4k9O8MYZdMxQAaGgBV0elAEBfhJqPzAeoL4NuvfCMC
gzEKP9B0EF6Q4vf15S+IsQ+co0HLRAaC4P3bz3NBI7bgq4zIUtoS4ealnrm2lflD
GTAEo2C4fK6hEf9WZrnP/ItI06EPXSnDi2XNDGixdowpReiM6Gl5IJGl/VBOQKvP
EyB3Y/ktkPhUAdKOpv8coRYRjfqRiRxpIrbQX+IGM1J1Xm3OgLOGyv4e8IWxGhXv
Z3m5S2s6dsgWlxTwfFT157VsFKUtiR2RKHI7dObrD7nhG0X1TpmvDvF3UYHK/+B2
/ZH4cYj0qPdq+JcgnCnY+HYzp08u6o0h/T7iz5hVHQgAnL8pmacM9DteMmMm1ySo
4VZKRTH0+F46QwyCeZCZMD8FqqHsGL2/BLxcilACIP1tsMBFVoDELGdwMJe97teL
GTWeuMv5SKlY/4KVSfMfj2l3NchfvfvSxVZ0RJwpjDCXs6+D5Bq7+ObrEEgH2F0y
MKAoCY7V5HqFlZ56Vcy5LSR5bahk62Y7ciuA1W4x95Ei9+jfcKHwSJjdx6vvwu0/
GsR7LmxGSyZWNs74MNZDypY9MaXFvnoP+/uFN4e92qnouU18URSDvOeHWa+WZ7c8
Cch6BOF5mKXgknWoPGNW72RbjH1OlwrzxESWDvcAuaZAnL86QCoRT2BMNgcJ/Kwy
tbQeZGlnb2FsICh0ZXN0KSA8ZGlnb2FsQDEyNi5jb20+iIEEExEIACkFAlqTsO8C
GwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRD7oOZxQs9X2/Cj
AQC0w+DmZFarSR+mwVnCHFNaebKL/ZSGcWPYN91esBNRhgD/VWZFAKzBv+Nr00+U
uIJ34l4R/iKuzYLtX4L08EdS2vW5Ag0EWpOw7xAIAMouNO8cLRdK0ASEtPsuuFOW
XDUPYQuwoE628/OX07NScXZENuqN7u3espDdPerYlg56ta6VtjefSRwhmMHrktyF
SZlWOjlS9NQ63Wi1qNIVgtbTmNUWX6EshAhAqFBke4+r9VeNOHtpSc6q1D4HGRXP
DG7c5g/o/DkGXEfnfh9B7MulN7Y9pqhGjywJMTfRExBx2XSXiNX1hN679TFFcacq
sZxChWY0XDWAYOE/cyD5WGStn7Gp52KYey+ce4kyWYJjHgUdocDCT/y+d8/56eYK
YAPPyuC0vvNY5RkvakUHl2UpaO41WMg5KrYOk3iHNqBHe+4RLxPbiMS3BstUiFMA
AwUIAIKp8ZXIcaj4vY8U6QzS+FnpnGVXwX6xeQ5nHi+Ug6sedQjTkcoFzz133kCU
aUSkztWmiJEVG2N1NP+ljgtSqjVkdeAfCU9FElWD4xFVe5MWy5HdqIZbuTSvLmXQ
9LuAGP4J4UrNqFwO7yaLESABvv5JWU9bgZOSux/ac50CxRDpSTxumNatGgXNopzg
fcTiM78VP7ZXqer+RHj0aOtIIesjJ4h/xPOJll0EoslyCX+n5R4esyCu5WE68+o6
KocuJEuo99VzqLN6Ob+LOYXhYl3gIbOvzCv91FmZizFt4CM97sgkzLe1krEPdFoS
YsUemp1ySORK1TW21vG4Ky7CzrKIZwQYEQgADwUCWpOw7wIbDAUJEswDAAAKCRD7
oOZxQs9X2wp3AQCHPlPX7P3tY0IrSyFhiXy8kKhFcjoFGGWeTQVVTju1tAEAzoeJ
La2WktRLDl5jG1LixIzlzybYVvJvgAEEGx99YBk=
=y4aI
-----END PGP PUBLIC KEY BLOCK-----
');
```
\x99032e045a93b0ef110800fd7bee1f1cc55b3060b6659b8017823d89e2036aadba6d193e8967417e946877d6655d9e6378b7b070cf7400eae5e260d8570eb7846ac2edf5be33b9ca5d942b11c7226f411c93837f44fd8fb0fdfb4e9d48766de42e55f63fead2dc3b10d133f431d7946920592eec79f7721b4d27d5f3b452ab611d51ef18bf69a59e5397e5d47ed6607c76bef03bd12fddf879bc818f0178953e6d39d610d7e0fcf3ebcf983b0ce1631b8683e8c6ec707ba8c8beac5ce1b7e1520bf83df3115ce18449b6d2a74859793dfd9d0ec900059abacd63f019947f1ff93b2c08a6906c44affc7eb0e45b1c6a5a2417e258e26efdbc04525d584b96a589535dbf5caa5bee508d14170100dc4b732e60e635d4ea1480124c8e7d2713e83e486f00588d53ee2327a77aa49b07ff5e8e24f4ef0c61974cc5001a1a0055d1e9401017e126a3f301ea0be0dbaf7c230283310a3fd074105e90e2f7f5e52f88b10f9ca341cb440682e0fddbcf734123b6e0ab8cc852da12e1e6a59eb9b695f943193004a360b87caea111ff5666b9cffc8b48d3a10f5d29c38b65cd0c68b1768c2945e88ce869792091a5fd504e40abcf13207763f92d90f85401d28ea6ff1ca116118dfa91891c6922b6d05fe2063352755e6dce80b386cafe1ef085b11a15ef6779b94b6b3a76c8169714f07c54f5e7b56c14a52d891d9128723b74e6eb0fb9e11b45f54e99af0ef1775181caffe076fd91f87188f4a8f76af897209c29d8f87633a74f2eea8d21fd3ee2cf98551d08009cbf2999a70cf43b5e326326d724a8e1564a4531f4f85e3a430c82799099303f05aaa1ec18bdbf04bc5c8a500220fd6db0c0455680c42c67703097bdeed78b19359eb8cbf948a958ff829549f31f8f697735c85fbdfbd2c55674449c298c3097b3af83e41abbf8e6eb104807d85d3230a028098ed5e47a85959e7a55ccb92d24796da864eb663b722b80d56e31f79122f7e8df70a1f04898ddc7abefc2ed3f1ac47b2e6c464b265636cef830d643ca963d31a5c5be7a0ffbfb853787bddaa9e8b94d7c511483bce78759af9667b73c09c87a04e17998a5e09275a83c6356ef645b8c7d4e970af3c444960ef700b9a6409cbf3a402a114f604c360709fcac32b5b41e6469676f616c20287465737429203c6469676f616c403132362e636f6d3e888104131108002905025a93b0ef021b03050912cc0300070b09080703020106150802090a0b0416020301021e01021780000a0910fba0e67142cf57dbf0a30100b4c3e0e66456ab491fa6c159c21c535a79b28bfd94867163d837dd5eb013518600ff55664500acc1bfe36bd34f94b88277e25e11fe22aecd82ed5f82f4f04752daf5b9020d045a93b0ef100800ca2e34ef1c2d174ad00484b4fb2eb853965c350f610bb0a04eb6f3f397d3b35271764436ea8deeeddeb290dd3dead8960e7ab5ae95b6379f491c2198c1eb92dc854999563a3952f4d43add68b5a8d21582d6d398d5165fa12c840840a850647b8fabf5578d387b6949ceaad43e071915cf0c6edce60fe8fc39065c47e77e1f41eccba537b63da6a8468f2c093137d1131071d9749788d5f584debbf5314571a72ab19c428566345c358060e13f7320f95864ad9fb1a9e762987b2f9c7b89325982631e051da1c0c24ffcbe77cff9e9e60a6003cfcae0b4bef358e5192f6a450797652968ee3558c8392ab60e93788736a0477bee112f13db88c4b706cb548853000305080082a9f195c871a8f8bd8f14e90cd2f859e99c6557c17eb1790e671e2f9483ab1e7508d391ca05cf3d77de40946944a4ced5a68891151b637534ffa58e0b52aa356475e01f094f45125583e311557b9316cb91dda8865bb934af2e65d0f4bb8018fe09e14acda85c0eef268b112001befe49594f5b819392bb1fda739d02c510e9493c6e98d6ad1a05cda29ce07dc4e233bf153fb657a9eafe4478f468eb4821eb2327887fc4f389965d04a2c972097fa7e51e1eb320aee5613af3ea3a2a872e244ba8f7d573a8b37a39bf8b3985e1625de021b3afcc2bfdd459998b316de0233deec824ccb7b592b10f745a1262c51e9a9d7248e44ad535b6d6f1b82b2ec2ceb2886704181108000f05025a93b0ef021b0c050912cc0300000a0910fba0e67142cf57db0a770100873e53d7ecfded63422b4b2161897cbc90a845723a0518659e4d05554e3bb5b40100ce87892dad9692d44b0e5e631b52e2c48ce5cf26d856f26f8001041b1f7d6019
2、密钥
```
postgres=# select dearmor('
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
lQN5BFqTsO8RCAD9e+4fHMVbMGC2ZZuAF4I9ieIDaq26bRk+iWdBfpRod9ZlXZ5j
eLewcM90AOrl4mDYVw63hGrC7fW+M7nKXZQrEccib0Eck4N/RP2PsP37Tp1Idm3k
LlX2P+rS3DsQ0TP0MdeUaSBZLux593IbTSfV87RSq2EdUe8Yv2mlnlOX5dR+1mB8
dr7wO9Ev3fh5vIGPAXiVPm051hDX4Pzz68+YOwzhYxuGg+jG7HB7qMi+rFzht+FS
C/g98xFc4YRJttKnSFl5Pf2dDskABZq6zWPwGZR/H/k7LAimkGxEr/x+sORbHGpa
JBfiWOJu/bwEUl1YS5aliVNdv1yqW+5QjRQXAQDcS3MuYOY11OoUgBJMjn0nE+g+
SG8AWI1T7iMnp3qkmwf/Xo4k9O8MYZdMxQAaGgBV0elAEBfhJqPzAeoL4NuvfCMC
gzEKP9B0EF6Q4vf15S+IsQ+co0HLRAaC4P3bz3NBI7bgq4zIUtoS4ealnrm2lflD
GTAEo2C4fK6hEf9WZrnP/ItI06EPXSnDi2XNDGixdowpReiM6Gl5IJGl/VBOQKvP
EyB3Y/ktkPhUAdKOpv8coRYRjfqRiRxpIrbQX+IGM1J1Xm3OgLOGyv4e8IWxGhXv
Z3m5S2s6dsgWlxTwfFT157VsFKUtiR2RKHI7dObrD7nhG0X1TpmvDvF3UYHK/+B2
/ZH4cYj0qPdq+JcgnCnY+HYzp08u6o0h/T7iz5hVHQgAnL8pmacM9DteMmMm1ySo
4VZKRTH0+F46QwyCeZCZMD8FqqHsGL2/BLxcilACIP1tsMBFVoDELGdwMJe97teL
GTWeuMv5SKlY/4KVSfMfj2l3NchfvfvSxVZ0RJwpjDCXs6+D5Bq7+ObrEEgH2F0y
MKAoCY7V5HqFlZ56Vcy5LSR5bahk62Y7ciuA1W4x95Ei9+jfcKHwSJjdx6vvwu0/
GsR7LmxGSyZWNs74MNZDypY9MaXFvnoP+/uFN4e92qnouU18URSDvOeHWa+WZ7c8
Cch6BOF5mKXgknWoPGNW72RbjH1OlwrzxESWDvcAuaZAnL86QCoRT2BMNgcJ/Kwy
tf4DAwJwPKSQdSP6a95X3hYjdoH2F9uNuEGUzG2xNk/aXt1aIRuVkFYxZ9Y5qrJI
6h1bW2Onh+MlQXM06q/ZNmFiAPSLWJwv/MdyEbQeZGlnb2FsICh0ZXN0KSA8ZGln
b2FsQDEyNi5jb20+iIEEExEIACkFAlqTsO8CGwMFCRLMAwAHCwkIBwMCAQYVCAIJ
CgsEFgIDAQIeAQIXgAAKCRD7oOZxQs9X2/CjAQC0w+DmZFarSR+mwVnCHFNaebKL
/ZSGcWPYN91esBNRhgD/VWZFAKzBv+Nr00+UuIJ34l4R/iKuzYLtX4L08EdS2vWd
AmMEWpOw7xAIAMouNO8cLRdK0ASEtPsuuFOWXDUPYQuwoE628/OX07NScXZENuqN
7u3espDdPerYlg56ta6VtjefSRwhmMHrktyFSZlWOjlS9NQ63Wi1qNIVgtbTmNUW
X6EshAhAqFBke4+r9VeNOHtpSc6q1D4HGRXPDG7c5g/o/DkGXEfnfh9B7MulN7Y9
pqhGjywJMTfRExBx2XSXiNX1hN679TFFcacqsZxChWY0XDWAYOE/cyD5WGStn7Gp
52KYey+ce4kyWYJjHgUdocDCT/y+d8/56eYKYAPPyuC0vvNY5RkvakUHl2UpaO41
WMg5KrYOk3iHNqBHe+4RLxPbiMS3BstUiFMAAwUIAIKp8ZXIcaj4vY8U6QzS+Fnp
nGVXwX6xeQ5nHi+Ug6sedQjTkcoFzz133kCUaUSkztWmiJEVG2N1NP+ljgtSqjVk
deAfCU9FElWD4xFVe5MWy5HdqIZbuTSvLmXQ9LuAGP4J4UrNqFwO7yaLESABvv5J
WU9bgZOSux/ac50CxRDpSTxumNatGgXNopzgfcTiM78VP7ZXqer+RHj0aOtIIesj
J4h/xPOJll0EoslyCX+n5R4esyCu5WE68+o6KocuJEuo99VzqLN6Ob+LOYXhYl3g
IbOvzCv91FmZizFt4CM97sgkzLe1krEPdFoSYsUemp1ySORK1TW21vG4Ky7CzrL+
AwMCcDykkHUj+mvejez2A8jxO8ByPUWRSosrNkZpC9TCPLrs7TdG3gVxjpii01Sm
SK2+MS0E7k04PA+bHYy32Ddcc3oIjnR3Axv8IsZ5N/ykPe1e0IhnBBgRCAAPBQJa
k7DvAhsMBQkSzAMAAAoJEPug5nFCz1fbCncA/2RPU9KzKPF+u2x/VYCgAD7J11Wr
/6dcArUamZ9UkeGlAQCn3pfxtSfqwFTOv6iV1Lvbkd+UrJGhCYafYbdd09QEfw==
=vdx4
-----END PGP PRIVATE KEY BLOCK-----
');
```
\x950379045a93b0ef110800fd7bee1f1cc55b3060b6659b8017823d89e2036aadba6d193e8967417e946877d6655d9e6378b7b070cf7400eae5e260d8570eb7846ac2edf5be33b9ca5d942b11c7226f411c93837f44fd8fb0fdfb4e9d48766de42e55f63fead2dc3b10d133f431d7946920592eec79f7721b4d27d5f3b452ab611d51ef18bf69a59e5397e5d47ed6607c76bef03bd12fddf879bc818f0178953e6d39d610d7e0fcf3ebcf983b0ce1631b8683e8c6ec707ba8c8beac5ce1b7e1520bf83df3115ce18449b6d2a74859793dfd9d0ec900059abacd63f019947f1ff93b2c08a6906c44affc7eb0e45b1c6a5a2417e258e26efdbc04525d584b96a589535dbf5caa5bee508d14170100dc4b732e60e635d4ea1480124c8e7d2713e83e486f00588d53ee2327a77aa49b07ff5e8e24f4ef0c61974cc5001a1a0055d1e9401017e126a3f301ea0be0dbaf7c230283310a3fd074105e90e2f7f5e52f88b10f9ca341cb440682e0fddbcf734123b6e0ab8cc852da12e1e6a59eb9b695f943193004a360b87caea111ff5666b9cffc8b48d3a10f5d29c38b65cd0c68b1768c2945e88ce869792091a5fd504e40abcf13207763f92d90f85401d28ea6ff1ca116118dfa91891c6922b6d05fe2063352755e6dce80b386cafe1ef085b11a15ef6779b94b6b3a76c8169714f07c54f5e7b56c14a52d891d9128723b74e6eb0fb9e11b45f54e99af0ef1775181caffe076fd91f87188f4a8f76af897209c29d8f87633a74f2eea8d21fd3ee2cf98551d08009cbf2999a70cf43b5e326326d724a8e1564a4531f4f85e3a430c82799099303f05aaa1ec18bdbf04bc5c8a500220fd6db0c0455680c42c67703097bdeed78b19359eb8cbf948a958ff829549f31f8f697735c85fbdfbd2c55674449c298c3097b3af83e41abbf8e6eb104807d85d3230a028098ed5e47a85959e7a55ccb92d24796da864eb663b722b80d56e31f79122f7e8df70a1f04898ddc7abefc2ed3f1ac47b2e6c464b265636cef830d643ca963d31a5c5be7a0ffbfb853787bddaa9e8b94d7c511483bce78759af9667b73c09c87a04e17998a5e09275a83c6356ef645b8c7d4e970af3c444960ef700b9a6409cbf3a402a114f604c360709fcac32b5fe030302703ca4907523fa6bde57de16237681f617db8db84194cc6db1364fda5edd5a211b9590563167d639aab248ea1d5b5b63a787e325417334eaafd936616200f48b589c2ffcc77211b41e6469676f616c20287465737429203c6469676f616c403132362e636f6d3e888104131108002905025a93b0ef021b03050912cc0300070b09080703020106150802090a0b0416020301021e01021780000a0910fba0e67142cf57dbf0a30100b4c3e0e66456ab491fa6c159c21c535a79b28bfd94867163d837dd5eb013518600ff55664500acc1bfe36bd34f94b88277e25e11fe22aecd82ed5f82f4f04752daf59d0263045a93b0ef100800ca2e34ef1c2d174ad00484b4fb2eb853965c350f610bb0a04eb6f3f397d3b35271764436ea8deeeddeb290dd3dead8960e7ab5ae95b6379f491c2198c1eb92dc854999563a3952f4d43add68b5a8d21582d6d398d5165fa12c840840a850647b8fabf5578d387b6949ceaad43e071915cf0c6edce60fe8fc39065c47e77e1f41eccba537b63da6a8468f2c093137d1131071d9749788d5f584debbf5314571a72ab19c428566345c358060e13f7320f95864ad9fb1a9e762987b2f9c7b89325982631e051da1c0c24ffcbe77cff9e9e60a6003cfcae0b4bef358e5192f6a450797652968ee3558c8392ab60e93788736a0477bee112f13db88c4b706cb548853000305080082a9f195c871a8f8bd8f14e90cd2f859e99c6557c17eb1790e671e2f9483ab1e7508d391ca05cf3d77de40946944a4ced5a68891151b637534ffa58e0b52aa356475e01f094f45125583e311557b9316cb91dda8865bb934af2e65d0f4bb8018fe09e14acda85c0eef268b112001befe49594f5b819392bb1fda739d02c510e9493c6e98d6ad1a05cda29ce07dc4e233bf153fb657a9eafe4478f468eb4821eb2327887fc4f389965d04a2c972097fa7e51e1eb320aee5613af3ea3a2a872e244ba8f7d573a8b37a39bf8b3985e1625de021b3afcc2bfdd459998b316de0233deec824ccb7b592b10f745a1262c51e9a9d7248e44ad535b6d6f1b82b2ec2ceb2fe030302703ca4907523fa6bde8decf603c8f13bc0723d45914a8b2b3646690bd4c23cbaeced3746de05718e98a2d354a648adbe312d04ee4d383c0f9b1d8cb7d8375c737a088e7477031bfc22c67937fca43ded5ed0886704181108000f05025a93b0ef021b0c050912cc0300000a0910fba0e67142cf57db0a7700ff644f53d2b328f17ebb6c7f5580a0003ec9d755abffa75c02b51a999f5491e1a50100a7de97f1b527eac054cebfa895d4bbdb91df94ac91a109869f61b75dd3d4047f
使用某个公钥加密数据
select pgp_pub_encrypt(
'需要加密的文字,你好呀,我是digoal.',
'\x99032e045a93b0ef110800fd7bee1f1cc55b3060b6659b8017823d89e2036aadba6d193e8967417e946877d6655d9e6378b7b070cf7400eae5e260d8570eb7846ac2edf5be33b9ca5d942b11c7226f411c93837f44fd8fb0fdfb4e9d48766de42e55f63fead2dc3b10d133f431d7946920592eec79f7721b4d27d5f3b452ab611d51ef18bf69a59e5397e5d47ed6607c76bef03bd12fddf879bc818f0178953e6d39d610d7e0fcf3ebcf983b0ce1631b8683e8c6ec707ba8c8beac5ce1b7e1520bf83df3115ce18449b6d2a74859793dfd9d0ec900059abacd63f019947f1ff93b2c08a6906c44affc7eb0e45b1c6a5a2417e258e26efdbc04525d584b96a589535dbf5caa5bee508d14170100dc4b732e60e635d4ea1480124c8e7d2713e83e486f00588d53ee2327a77aa49b07ff5e8e24f4ef0c61974cc5001a1a0055d1e9401017e126a3f301ea0be0dbaf7c230283310a3fd074105e90e2f7f5e52f88b10f9ca341cb440682e0fddbcf734123b6e0ab8cc852da12e1e6a59eb9b695f943193004a360b87caea111ff5666b9cffc8b48d3a10f5d29c38b65cd0c68b1768c2945e88ce869792091a5fd504e40abcf13207763f92d90f85401d28ea6ff1ca116118dfa91891c6922b6d05fe2063352755e6dce80b386cafe1ef085b11a15ef6779b94b6b3a76c8169714f07c54f5e7b56c14a52d891d9128723b74e6eb0fb9e11b45f54e99af0ef1775181caffe076fd91f87188f4a8f76af897209c29d8f87633a74f2eea8d21fd3ee2cf98551d08009cbf2999a70cf43b5e326326d724a8e1564a4531f4f85e3a430c82799099303f05aaa1ec18bdbf04bc5c8a500220fd6db0c0455680c42c67703097bdeed78b19359eb8cbf948a958ff829549f31f8f697735c85fbdfbd2c55674449c298c3097b3af83e41abbf8e6eb104807d85d3230a028098ed5e47a85959e7a55ccb92d24796da864eb663b722b80d56e31f79122f7e8df70a1f04898ddc7abefc2ed3f1ac47b2e6c464b265636cef830d643ca963d31a5c5be7a0ffbfb853787bddaa9e8b94d7c511483bce78759af9667b73c09c87a04e17998a5e09275a83c6356ef645b8c7d4e970af3c444960ef700b9a6409cbf3a402a114f604c360709fcac32b5b41e6469676f616c20287465737429203c6469676f616c403132362e636f6d3e888104131108002905025a93b0ef021b03050912cc0300070b09080703020106150802090a0b0416020301021e01021780000a0910fba0e67142cf57dbf0a30100b4c3e0e66456ab491fa6c159c21c535a79b28bfd94867163d837dd5eb013518600ff55664500acc1bfe36bd34f94b88277e25e11fe22aecd82ed5f82f4f04752daf5b9020d045a93b0ef100800ca2e34ef1c2d174ad00484b4fb2eb853965c350f610bb0a04eb6f3f397d3b35271764436ea8deeeddeb290dd3dead8960e7ab5ae95b6379f491c2198c1eb92dc854999563a3952f4d43add68b5a8d21582d6d398d5165fa12c840840a850647b8fabf5578d387b6949ceaad43e071915cf0c6edce60fe8fc39065c47e77e1f41eccba537b63da6a8468f2c093137d1131071d9749788d5f584debbf5314571a72ab19c428566345c358060e13f7320f95864ad9fb1a9e762987b2f9c7b89325982631e051da1c0c24ffcbe77cff9e9e60a6003cfcae0b4bef358e5192f6a450797652968ee3558c8392ab60e93788736a0477bee112f13db88c4b706cb548853000305080082a9f195c871a8f8bd8f14e90cd2f859e99c6557c17eb1790e671e2f9483ab1e7508d391ca05cf3d77de40946944a4ced5a68891151b637534ffa58e0b52aa356475e01f094f45125583e311557b9316cb91dda8865bb934af2e65d0f4bb8018fe09e14acda85c0eef268b112001befe49594f5b819392bb1fda739d02c510e9493c6e98d6ad1a05cda29ce07dc4e233bf153fb657a9eafe4478f468eb4821eb2327887fc4f389965d04a2c972097fa7e51e1eb320aee5613af3ea3a2a872e244ba8f7d573a8b37a39bf8b3985e1625de021b3afcc2bfdd459998b316de0233deec824ccb7b592b10f745a1262c51e9a9d7248e44ad535b6d6f1b82b2ec2ceb2886704181108000f05025a93b0ef021b0c050912cc0300000a0910fba0e67142cf57db0a770100873e53d7ecfded63422b4b2161897cbc90a845723a0518659e4d05554e3bb5b40100ce87892dad9692d44b0e5e631b52e2c48ce5cf26d856f26f8001041b1f7d6019',
'cipher-algo=aes256, compress-algo=2'
);
返回
\xc1c14e03707f2610377b0f3e1007ff778fd7160cd18db1068f9dfda6e7277e7173e2b810d5b4bd43c5b5967dab4ddcbf6f73b2e372f8cefe9f1e6b41940b51c08a9f166acea4230da3b773592b23d037f458182b5415de9de33ae7ece08ee87e68570a58dc55be09431afd185c96b0ee442a9ecf602ebc45782224edd2cf02d9bd049304a292824898f35db2793a31a485b6679896c9a63167003e34aa4cd10399a1d0fb6fbd0aaeff386626deb7ec133907b24d28e81212d03c3a53df3b8f3c621618eeb73ce6dd2778bf9fe542487199d66f87172c895b292a17c12b3774bc74ff25aedd64fa3e81a230cefc3feec12348dce2c83a9b668244ab75e42e2ca14c8a2e23f5113715d714df8c5b6f9807fd10a90c2ae12ea13ac620f7e523f0b71269d6422279e6426ac35f5ab45cbe7a3cdc47840db77da5a7c37b9afad1872bf306e5a63fbe576cd2321fdcf22d9f1ebe7e8bf032bbc7e9392954b444c39e653e4b59d34f279aae10e6accbd2937a9364199a2c70a305da7b75ac2b35c7738aa8e567fb551181f6a41a606e5573e60a667dd9d0a70a209b2607bb7bb1a0e636bebbb7d346095e233f5a16aab358b4c980ef55d170a4e8840ebd14c6f498628dabebfb651931ae9d6173b577f6ff581f14c67fed498ef8ccf33cdb79a828fd262db7f7851624808ca72e8d55b4a5f7a263252b5b3b601ce8076a3045431ed926d1ce34f05781baab85a1dac451c3095bf4d27001da506eac615ae906afe0bead178794aca966fbe75fb057507204786438b2c6357cca0ef90ecb595738e79a52602ce4e38eda341aa6bd2423c2fd1061ec1921b3e560360d56eec02d40d44bd3af7b4a01df2e0db51b8dddb93bbaee85644cd8e08e9436d506f030f461a6503932a528
使用该公钥对应的密钥解密数据
由于密钥使用了保护密码,所以需要在解密时,输入我们设置的密钥的密码hello123
select pgp_pub_decrypt(
'\xc1c14e03707f2610377b0f3e1007ff778fd7160cd18db1068f9dfda6e7277e7173e2b810d5b4bd43c5b5967dab4ddcbf6f73b2e372f8cefe9f1e6b41940b51c08a9f166acea4230da3b773592b23d037f458182b5415de9de33ae7ece08ee87e68570a58dc55be09431afd185c96b0ee442a9ecf602ebc45782224edd2cf02d9bd049304a292824898f35db2793a31a485b6679896c9a63167003e34aa4cd10399a1d0fb6fbd0aaeff386626deb7ec133907b24d28e81212d03c3a53df3b8f3c621618eeb73ce6dd2778bf9fe542487199d66f87172c895b292a17c12b3774bc74ff25aedd64fa3e81a230cefc3feec12348dce2c83a9b668244ab75e42e2ca14c8a2e23f5113715d714df8c5b6f9807fd10a90c2ae12ea13ac620f7e523f0b71269d6422279e6426ac35f5ab45cbe7a3cdc47840db77da5a7c37b9afad1872bf306e5a63fbe576cd2321fdcf22d9f1ebe7e8bf032bbc7e9392954b444c39e653e4b59d34f279aae10e6accbd2937a9364199a2c70a305da7b75ac2b35c7738aa8e567fb551181f6a41a606e5573e60a667dd9d0a70a209b2607bb7bb1a0e636bebbb7d346095e233f5a16aab358b4c980ef55d170a4e8840ebd14c6f498628dabebfb651931ae9d6173b577f6ff581f14c67fed498ef8ccf33cdb79a828fd262db7f7851624808ca72e8d55b4a5f7a263252b5b3b601ce8076a3045431ed926d1ce34f05781baab85a1dac451c3095bf4d27001da506eac615ae906afe0bead178794aca966fbe75fb057507204786438b2c6357cca0ef90ecb595738e79a52602ce4e38eda341aa6bd2423c2fd1061ec1921b3e560360d56eec02d40d44bd3af7b4a01df2e0db51b8dddb93bbaee85644cd8e08e9436d506f030f461a6503932a528',
'\x950379045a93b0ef110800fd7bee1f1cc55b3060b6659b8017823d89e2036aadba6d193e8967417e946877d6655d9e6378b7b070cf7400eae5e260d8570eb7846ac2edf5be33b9ca5d942b11c7226f411c93837f44fd8fb0fdfb4e9d48766de42e55f63fead2dc3b10d133f431d7946920592eec79f7721b4d27d5f3b452ab611d51ef18bf69a59e5397e5d47ed6607c76bef03bd12fddf879bc818f0178953e6d39d610d7e0fcf3ebcf983b0ce1631b8683e8c6ec707ba8c8beac5ce1b7e1520bf83df3115ce18449b6d2a74859793dfd9d0ec900059abacd63f019947f1ff93b2c08a6906c44affc7eb0e45b1c6a5a2417e258e26efdbc04525d584b96a589535dbf5caa5bee508d14170100dc4b732e60e635d4ea1480124c8e7d2713e83e486f00588d53ee2327a77aa49b07ff5e8e24f4ef0c61974cc5001a1a0055d1e9401017e126a3f301ea0be0dbaf7c230283310a3fd074105e90e2f7f5e52f88b10f9ca341cb440682e0fddbcf734123b6e0ab8cc852da12e1e6a59eb9b695f943193004a360b87caea111ff5666b9cffc8b48d3a10f5d29c38b65cd0c68b1768c2945e88ce869792091a5fd504e40abcf13207763f92d90f85401d28ea6ff1ca116118dfa91891c6922b6d05fe2063352755e6dce80b386cafe1ef085b11a15ef6779b94b6b3a76c8169714f07c54f5e7b56c14a52d891d9128723b74e6eb0fb9e11b45f54e99af0ef1775181caffe076fd91f87188f4a8f76af897209c29d8f87633a74f2eea8d21fd3ee2cf98551d08009cbf2999a70cf43b5e326326d724a8e1564a4531f4f85e3a430c82799099303f05aaa1ec18bdbf04bc5c8a500220fd6db0c0455680c42c67703097bdeed78b19359eb8cbf948a958ff829549f31f8f697735c85fbdfbd2c55674449c298c3097b3af83e41abbf8e6eb104807d85d3230a028098ed5e47a85959e7a55ccb92d24796da864eb663b722b80d56e31f79122f7e8df70a1f04898ddc7abefc2ed3f1ac47b2e6c464b265636cef830d643ca963d31a5c5be7a0ffbfb853787bddaa9e8b94d7c511483bce78759af9667b73c09c87a04e17998a5e09275a83c6356ef645b8c7d4e970af3c444960ef700b9a6409cbf3a402a114f604c360709fcac32b5fe030302703ca4907523fa6bde57de16237681f617db8db84194cc6db1364fda5edd5a211b9590563167d639aab248ea1d5b5b63a787e325417334eaafd936616200f48b589c2ffcc77211b41e6469676f616c20287465737429203c6469676f616c403132362e636f6d3e888104131108002905025a93b0ef021b03050912cc0300070b09080703020106150802090a0b0416020301021e01021780000a0910fba0e67142cf57dbf0a30100b4c3e0e66456ab491fa6c159c21c535a79b28bfd94867163d837dd5eb013518600ff55664500acc1bfe36bd34f94b88277e25e11fe22aecd82ed5f82f4f04752daf59d0263045a93b0ef100800ca2e34ef1c2d174ad00484b4fb2eb853965c350f610bb0a04eb6f3f397d3b35271764436ea8deeeddeb290dd3dead8960e7ab5ae95b6379f491c2198c1eb92dc854999563a3952f4d43add68b5a8d21582d6d398d5165fa12c840840a850647b8fabf5578d387b6949ceaad43e071915cf0c6edce60fe8fc39065c47e77e1f41eccba537b63da6a8468f2c093137d1131071d9749788d5f584debbf5314571a72ab19c428566345c358060e13f7320f95864ad9fb1a9e762987b2f9c7b89325982631e051da1c0c24ffcbe77cff9e9e60a6003cfcae0b4bef358e5192f6a450797652968ee3558c8392ab60e93788736a0477bee112f13db88c4b706cb548853000305080082a9f195c871a8f8bd8f14e90cd2f859e99c6557c17eb1790e671e2f9483ab1e7508d391ca05cf3d77de40946944a4ced5a68891151b637534ffa58e0b52aa356475e01f094f45125583e311557b9316cb91dda8865bb934af2e65d0f4bb8018fe09e14acda85c0eef268b112001befe49594f5b819392bb1fda739d02c510e9493c6e98d6ad1a05cda29ce07dc4e233bf153fb657a9eafe4478f468eb4821eb2327887fc4f389965d04a2c972097fa7e51e1eb320aee5613af3ea3a2a872e244ba8f7d573a8b37a39bf8b3985e1625de021b3afcc2bfdd459998b316de0233deec824ccb7b592b10f745a1262c51e9a9d7248e44ad535b6d6f1b82b2ec2ceb2fe030302703ca4907523fa6bde8decf603c8f13bc0723d45914a8b2b3646690bd4c23cbaeced3746de05718e98a2d354a648adbe312d04ee4d383c0f9b1d8cb7d8375c737a088e7477031bfc22c67937fca43ded5ed0886704181108000f05025a93b0ef021b0c050912cc0300000a0910fba0e67142cf57db0a7700ff644f53d2b328f17ebb6c7f5580a0003ec9d755abffa75c02b51a999f5491e1a50100a7de97f1b527eac054cebfa895d4bbdb91df94ac91a109869f61b75dd3d4047f',
'hello123'
);
返回
-[ RECORD 1 ]---+------------------------------------
pgp_pub_decrypt | 需要加密的文字,你好呀,我是digoal.
为了防止密钥泄露,建议在可靠的环境下使用密钥解密数据。(例如防止审计日志、网络传输类泄露)
三、混合加密
(1) 对称加密加密与解密使用的是同样的密钥,所以速度快,但由于需要将密钥在网络传输,所以安全性不高。
(2) 非对称加密使用了一对密钥,公钥与私钥,所以安全性高,但加密与解密速度慢。
(3) 解决的办法是将对称加密的密钥使用非对称加密的公钥进行加密,然后发送出去,接收方使用私钥进行解密得到对称加密的密钥,然后双方可以使用对称加密来进行沟通。
例如:
1、A使用公钥,对"密码1"进行加密
2、B使用私钥,解密加密的"密码1"
3、A|B使用"密码1",进行对称加密
4、B|A使用"密码1",进行对称解密
参考
《Greenplum , PostgreSQL pgcrypto 加密算法、mode、PAD的选择 - 与Oracle, MySQL的差异(安全性差异)》
《PostgreSQL 和 Greenplum pgcrypto 加解密bytea处理差异(convert, convert_from)》
《固若金汤 - PostgreSQL pgcrypto加密插件》
https://www.postgresql.org/docs/devel/static/pgcrypto.html
https://www.gnupg.org/gph/en/manual.html
http://fedoraproject.org/wiki/Creating_GPG_Keys
《[转载] 白话解释 非对称加密,电子签名,电子证书,根证书,HTTPS,PKI 到底是什么》
PostgreSQL 许愿链接
您的愿望将传达给PG kernel hacker、数据库厂商等, 帮助提高数据库产品质量和功能, 说不定下一个PG版本就有您提出的功能点. 针对非常好的提议,奖励限量版PG文化衫、纪念品、贴纸、PG热门书籍等,奖品丰富,快来许愿。开不开森.
9.9元购买3个月阿里云RDS PostgreSQL实例
PostgreSQL 解决方案集合
德哥 / digoal's github - 公益是一辈子的事.
