Functions + plpgsql + contrib/pgcrypto = ??
This is a discussion on Functions + plpgsql + contrib/pgcrypto = ?? within the pgsql Hackers forums, part of the PostgreSQL category; --> Hello there, What's the preferred and most efficient way to obtain PGCrypto encrypted data from a plpgsql function? 1. ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-11-2008, 04:12 AM
| ||||
| ||||
 Functions + plpgsql + contrib/pgcrypto = ?? Hello there, What's the preferred and most efficient way to obtain PGCrypto encrypted data from a plpgsql function? 1. Imagine the following simple table: CREATE TABLE crypto ( pid SERIAL PRIMARY KEY, title VARCHAR(50), crypted_content BYTEA ); 2. Now insert the following 3 rows of data: INSERT INTO crypto VALUES (1, 'test1', encrypt( '11112222ABCD', 'password', 'aes')); INSERT INTO crypto VALUES (2, 'test2', encrypt( '22223333BCDE', 'password', 'aes')); INSERT INTO crypto VALUES (3, 'test3', encrypt( '33334444CDEF', 'password', 'aes')); 3. Using the psql tool, selecting * from the crypto table yields the following: # select * from crypto; id | title | crypted_content ----+-------+------------------------------------------------ 1 | test1 | \307\266xI\235"\210a\363=\201\222\247\2660\215 2 | test2 | D\211\256E\372^Y\0259\341\215\271\030]\234\017 3 | test3 | 4\263\251y\006_N\343\0270I\207;\370\270\266 Pretty straight forward, right? Now how about doing this in a simple plpgsql Function. That's where we encounter problems. I want to get DECRYPTED data based on an input ID. So... 4. Imagine the following simple plpgsql function (note I'm trying to decrypt the table's encrypted BYTEA column into a decrypted VARCHAR upon return): CREATE OR REPLACE FUNCTION selectFromCrypto(INTEGER) RETURNS VARCHAR AS ' DECLARE crypto_cursor CURSOR (input INTEGER) FOR SELECT encode(decrypt(crypted_content, decode(''password''::text, ''escape''::text), ''aes''::text), ''escape''::text) FROM crypto WHERE id = input; crypto crypto.crypted_content%TYPE; tid ALIAS FOR $1; BEGIN OPEN crypto_cursor( tid ); LOOP FETCH crypto_cursor INTO crypto; EXIT WHEN NOT FOUND; END LOOP; CLOSE crypto_cursor; RETURN ( encode(crypto, ''escape''::text)::VARCHAR ); END; ' LANGUAGE 'plpgsql'; 5. When I use the above function (in the tool, psql) to get the decrypted contents for ID = 2, it says I get 1 row returned, but the contents are blank: # select * from selectFromCrypto(1); selectfromcrypto1 ------------------- (1 row) Notice the blank row returned... So what am I doing wrong? I suspect it has something to do with converting/encoding/decoding/decrypting the BYTEA column for return... but what is the problem with the above Function? I'm using PostgreSQL 7.4.6, on a Fedora Core 1 system. Best regards and thank you very much in advance, Michael Moran ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org      |
|
04-11-2008, 04:13 AM
| ||||
| ||||
| Re: Functions + plpgsql + contrib/pgcrypto = ?? On Thu, Mar 24, 2005 at 08:40:54AM -0800, Moran.Michael wrote: > # select * from crypto; > id | title | crypted_content > ----+-------+------------------------------------------------ > 1 | test1 | \307\266xI\235"\210a\363=\201\222\247\2660\215 > 2 | test2 | D\211\256E\372^Y\0259\341\215\271\030]\234\017 > 3 | test3 | 4\263\251y\006_N\343\0270I\207;\370\270\266 > > > Pretty straight forward, right? [ .. ] > Now how about doing this in a simple plpgsql Function. That's where we > encounter problems. I want to get DECRYPTED data based on an input ID. So... > > > 4. Imagine the following simple plpgsql function (note I'm trying to decrypt > the table's encrypted BYTEA column into a decrypted VARCHAR upon return): > > > CREATE OR REPLACE FUNCTION selectFromCrypto(INTEGER) > RETURNS VARCHAR > AS ' > DECLARE > crypto_cursor CURSOR (input INTEGER) FOR SELECT > encode(decrypt(crypted_content, decode(''password''::text, > ''escape''::text), ''aes''::text), ''escape''::text) FROM crypto WHERE id = > input; > crypto crypto.crypted_content%TYPE; > tid ALIAS FOR $1; > > BEGIN > OPEN crypto_cursor( tid ); > LOOP > FETCH crypto_cursor INTO crypto; > EXIT WHEN NOT FOUND; > END LOOP; > CLOSE crypto_cursor; > RETURN ( encode(crypto, ''escape''::text)::VARCHAR ); > END; > ' LANGUAGE 'plpgsql'; 1. Why the cursor? I'd do 'select decrypt() into crypto .. ' 2. After the loop, crypto is guaranteed to be null. 3. Why encode() 2 times? -- marko ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly |
Linear Mode
