Announcement: libpkixpq 0.1 released

I am pleased to announce the initial release of "libpkixpq",
PostgreSQL user-defined types and functions that allow the
database to understand the basic PKIX types.

This release should be considered EXPERIMENTAL. This is
literally the first public release and the lack of known
bugs undoubtably speaks to my own poor testing skills, not
to the quality of the code.

The intention of this package is enable the database to extract
(and check) fields from PKIX objects, not to create new ones
or manipulate existing ones. The latter functions would best
be supported via a second set of user-defined functions.

One practical use of these types is to create "friendly" views
of PKIX fields:

create table x (x x509);

create view v as
select
x509_serial(x) as serial,
x509_subject(x) as subject,
x509_issuer(x) as issuer,
x509_notBefore(x) as notBefore,
x509_notAfter(x) as notAfter
from x;

A second practical use is supporting integrity checks on the
data:

create table cachedx (
x x509,
subject varchar(80)
constraint c1 check (subject = x509_subject(x))
);

This is not yet fully supported since there is no test for equality
of "x509_name" objects. You can compare individual components.

These new types are defined:

Certificates and bags:

x509
pkcs7
pkcs8
pkcs12

Other PKIX information:

x509_req
x509_crl
pubkey
rsapubkey
dsapubkey
dsaparams
dhparams

Miscellaneous

x509_name
asn1_integer (probably renamed in future)

A large number of accessor functions are also defined, see the
"test" directory for a list of these files and demonstrations of
their use.

Source:

1) Source is available at http://www.dimensional.com/~bgiles/

2) Source is released under a new-style BSD license.

3) Source can be built with either standard autoconf techniques,
or as a Debian package.

4) Ideally, the source will eventually be distributed as
contributed code with either the PostgreSQL or OpenSSL projects.

Requirements:

1) OpenSSL 0.9.6b was used during development, but (slightly) older
versions shouldn't be a problem.

2) PostgreSQL 7.1.3, primarily because all new types are "TOASTable"
to allow the contents to be moved out of the main table when necessary.

Known bugs:

1) Many internal functions still guess at how much memory will be
required to hold results, and silently truncate the output to 4k.
This has not been a problem during testing, but it's an unnecessary
restriction.

2) There is essentially no documentation yet.

3) Certificate times are parsed to the minute, not to the second,
and are presented as "abstime", not "datetime."

Future enhancements:

1) Make it possible to compare x509_name and asn1_integer objects
directly.

2) Add all arithmetic functions for asn1_integer.

Export stuff:

1) A copy of this notice has been sent to crypt@bxa.doc.gov.

--
Bear Giles
bgiles (at) coyotesong (dot) com