Support for ECDSA & ed25519 digital signatures in pgcrypto?

Started by Nilesh Trivedi, about 8 years ago. 2 messages, hackers list.
#1 Nilesh Trivedi
nilesh.tr@gmail.com

I recently had to build ed25519 digital signature validation in
PostgreSQL. Since pgcrypto doesn't support these methods, I had to look
into PL/Python and PL/v8 based implementations. The experience turned out
to be very poor (documented here:
https://gist.github.com/nileshtrivedi/7cd622d4d521986593bff81bfa1e5893)

I think OpenSSL already supports these encryption methods and it would
be great to have them supported within pgcrypto - especially with the
advent of distributed systems like IPFS, public blockchains like BitCoin,
Ethereum. Elliptic curve cryptography has some major advantages over
RSA: for both security and usability. Some are listed here:
https://ed25519.cr.yp.to/

Is somebody working on this? I'm not a C programmer but if needed, I can
look into implementing this.
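The kind of routine a PL/Python approach has to supply while pgcrypto has no native Ed25519 support: an added example, written for this page and not taken from the gist above or from pgcrypto, of a dependency-free RFC 8032 Ed25519 verifier in plain Python. It assumes the public key and signature arrive as raw 32- and 64-byte strings (as a PL/Python function would receive bytea arguments); the affine arithmetic is kept simple rather than fast, and since verification touches only public data its variable timing leaks nothing secret.

```python
import hashlib
# Ed25519 domain parameters (RFC 8032): field prime q, group order L, constant d
q = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
inv = lambda x: pow(x, q - 2, q)          # modular inverse via Fermat
d = (-121665 * inv(121666)) % q
I = pow(2, (q - 1) // 4, q)               # sqrt(-1) mod q, needed when recovering x

def xrecover(y):
    # Solve x^2 = (y^2 - 1) / (d*y^2 + 1) and return the even root
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q: x = (x * I) % q
    return x if x % 2 == 0 else q - x
B = (xrecover(4 * inv(5) % q), 4 * inv(5) % q)   # base point, y = 4/5

def edwards(P, Q):
    # Affine twisted-Edwards addition: slow, but short enough to audit
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1*y2 + x2*y1) * inv(1 + t) % q, (y1*y2 + x1*x2) * inv(1 - t) % q)

def scalarmult(P, e):
    Q = (0, 1)                            # neutral element
    for bit in bin(e)[2:]:                # left-to-right double-and-add
        Q = edwards(Q, Q)
        if bit == '1':
            Q = edwards(Q, P)
    return Q

def decodepoint(s):
    # 32 little-endian bytes: 255-bit y, top bit carries the sign of x
    y = int.from_bytes(s, 'little') & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x*x + y*y - 1 - d*x*x*y*y) % q != 0:
        return None                       # encoded point is not on the curve
    return (x, y)

def ed25519_verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    # Accept iff [S]B == R + [H(R||A||M)]A with R, A valid points and S < L
    if len(pk) != 32 or len(sig) != 64:
        return False
    R, A = decodepoint(sig[:32]), decodepoint(pk)
    S = int.from_bytes(sig[32:], 'little')
    if R is None or A is None or S >= L:  # S >= L is non-canonical (RFC 8032 5.1.7)
        return False
    h = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), 'little')
    return scalarmult(B, S) == edwards(R, scalarmult(A, h))
```

The S < L check matters beyond the group equation: without it, S + L is a second encoding that passes the same check for the same message, which breaks any system that treats a signature as a unique identifier of the signed data.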

#2 Bruce Momjian
bruce@momjian.us
In reply to: Nilesh Trivedi (#1)
Re: Support for ECDSA & ed25519 digital signatures in pgcrypto?

On Sun, Feb 4, 2018 at 04:38:24PM +0530, Nilesh Trivedi wrote:

> I recently had to build ed25519 digital signature validation in
> PostgreSQL. Since pgcrypto doesn't support these methods, I had to look
> into PL/Python and PL/v8 based implementations. The experience turned
> out to be very poor (documented here:
> https://gist.github.com/nileshtrivedi/7cd622d4d521986593bff81bfa1e5893)
>
> I think OpenSSL already supports these encryption methods and it would
> be great to have them supported within pgcrypto - especially with the
> advent of distributed systems like IPFS, public blockchains like
> BitCoin, Ethereum. Elliptic curve cryptography has some major
> advantages over RSA: for both security and usability. Some are listed
> here: https://ed25519.cr.yp.to/
>
> Is somebody working on this? I'm not a C programmer but if needed, I
> can look into implementing this.

I agree there is going to be a lot more focus on ECDSA because elliptic
curve cryptography is much more efficient for large key sizes, see:

https://momjian.us/main/writings/pgsql/tls.pdf#page=17

and RSA can't support elliptic curve. Chrome accessing mail.google.com
is already using ECDSA:

https://momjian.us/main/writings/pgsql/tls.pdf#page=16

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +