PostgreSQL column cryptographic use pgcrypto extension and optional openssl lib
生活随笔
收集整理的這篇文章主要介紹了
PostgreSQL column cryptographic use pgcrypto extension and optional openssl lib
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
前面介紹了PostgreSQL 服務端和客戶端之間的數據傳輸加密, 還介紹了數據庫服務器的文件系統或者目錄加密. http://blog.163.com/digoal@126/blog/static/163877040201342233131835/ http://blog.163.com/digoal@126/blog/static/163877040201342383123592/ http://blog.163.com/digoal@126/blog/static/163877040201342335842432/ http://blog.163.com/digoal@126/blog/static/1638770402013423384517/ http://blog.163.com/digoal@126/blog/static/163877040201342443944861/ 但是要知道數據都是以明文存儲在數據庫中的。如果未使用數據傳輸加密的話, 數據一旦在傳輸中被截獲的話就很容易泄漏數據。 本文將要介紹的是數據內容的加密。 數據內容的加密可以在數據庫服務端進行加解密, 也可以在客戶端進行加解密.? 在數據庫服務端加解密的話, 網絡上傳輸的還是未加密的內容, 所以為了防御網絡數據截獲, 建議還是要搭配使用數據傳輸加密. 如果是在客戶端進行加解密的話, 網絡上傳輸的是加密后的內容, 所以不必擔心網絡數據截獲的問題. 下面以pgcrypto這個擴展包為例, 講一下數據庫服務端加密. 1. 創建pgcrypto擴展包
pg92@db-172-16-3-40-> psql -h 172.16.3.33 -p 1999 -U postgres digoal psql (9.2beta1, server 9.3devel) WARNING: psql version 9.2, server version 9.3.Some psql features might not work. SSL connection (cipher: RC4-SHA, bits: 128) Type "help" for help. digoal=# create extension pgcrypto; CREATE EXTENSION
2. 擴展包新建了一些加密和解密的函數. 詳見末尾部分.
下面主要針對新增的加解密函數進行講解. 3. 計算hash值的函數.
digest(data text, type text) returns bytea digest(data bytea, type text) returns bytea
type為算法.支持?md5, sha1, sha224, sha256, sha384, sha512. 如果編譯postgresql時時有了with-openssl選項, 則可以支持更多的算法. 例如 :
digoal=# select digest('I am digoal.', 'md5');digest ------------------------------------\xc3b0fb1147858d2259d92f20668fc8f9 (1 row) 每次運算得到的hash值都一樣. digoal=# select digest('I am digoal.', 'md5');digest ------------------------------------\xc3b0fb1147858d2259d92f20668fc8f9 (1 row)
但是請注意函數參數, 如果要對bytea hash, 那么請在輸入參數時指定參數類型bytea. 例如以下兩次調用分別調用了2個函數. 所以得到的結果也是不一樣的.
digoal=# select digest('\xffffff'::bytea, 'md5');digest ------------------------------------\x8597d4e7e65352a302b63e07bc01a7da (1 row) digoal=# select digest('\xffffff', 'md5');digest ------------------------------------\xd721f40e22920e0fd8ac7b13587aa92d (1 row)
hmac(data text, key text, type text) returns bytea hmac(data bytea, key text, type text) returns bytea 這兩個函數與digest類似, 只是多了一個key參數, 也就是說同一個被加密的值, 可以使用不同的key得到不同的hash值. 這樣的做法是, 不知道key的話, 也無法逆向破解原始值.? 使用hmac還有一個好處是, 使用digest如果原始值和hash值同時被別人修改了是無法知道是否被修改的. 但是使用hmac, 如果原始值被修改了, 同時key沒有泄漏的話, 那么hash值是無法被修改的, 因此就能夠知道原始值是否被修改過.
digoal=# select hmac('I am digoal.', 'this is a key', 'md5');hmac ------------------------------------\xc70d0fd2af2382ea8e0a7ffd9edcbd58 (1 row) digoal=# select hmac('I am digoal.', 'this is a key', 'md5');hmac ------------------------------------\xc70d0fd2af2382ea8e0a7ffd9edcbd58 (1 row) digoal=# select hmac('I am digoal.', 'this is b key', 'md5');hmac ------------------------------------\x4518090fb07fc672b66c829e43fd62dc (1 row) digoal=# select hmac('I am digoal.', 'this is b key', 'md5');hmac ------------------------------------\x4518090fb07fc672b66c829e43fd62dc (1 row)
如果key的長度超過了block size, 那么key會先hash一次, 然后hash值作為key.
4. 以上hash函數只要原始值一致, 每次得到的hash值是一樣的, 雖然hmac多了key的參數, 但是只要key和原始數據一樣, 得到的hash值也是一樣的. 這樣的加密很可能被逆向破解掉. 下面的2個函數主要是提高了逆向破解的難度, 增強了數據的安全性.
crypt(password text, salt text) returns text gen_salt(type text [, iter_count integer ]) returns text
crypt(), 用來計算hash值. gen_salt(), 用來產生隨機的參數給crypt. type參數為des, xdes, md5, bf. iter_count指迭代次數, 數字越大加密時間越長, 被破解需要的時間也越長.
xdes的iter_count必須為奇數. crypt和gen_salt結合使用的話, 同一個原始值, 每次得到的hash值是不一樣的.
digoal=# select crypt('this is a pwd source', gen_salt('md5'));crypt ------------------------------------$1$CAp4ifAa$p261Vfku7HDnwx8cuFhsq/ (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$tvNK2H9mPu1tU5L6oAHdSeze5Hlz7G0y4oEKNg9SlGa06J2sywZHu (1 row)
# 每次運算可以得到不同的hash值.
digoal=# select crypt('this is a pwd source', gen_salt('md5'));crypt ------------------------------------$1$p2Sg93iZ$SCdUePtZVuyIJBDO1cEYh1 (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$cgJiTAs55vMBqYR1kGMGXuMKZI4dsayna4wgEL4K7duYkD0g25ufW (1 row)
原因是gen_salt每次都會給出1個隨機值.
digoal=# select gen_salt('bf',10);gen_salt -------------------------------$2a$10$qY0amXGalzj14rooSpTf5e (1 row) digoal=# select gen_salt('bf',10);gen_salt -------------------------------$2a$10$TmqxqmOd8R3scnPk25Pp2O (1 row)
計算好hash后匹配是怎么做的呢? 看下面, hash值作為第二個參數, 得到的值就是hash值. 所以這樣就可以進行匹配了.
digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG (1 row) digoal=# select crypt('this is a pwd source', '$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG');crypt --------------------------------------------------------------$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG (1 row) digoal=# select crypt('this is a pwd source', '$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK');crypt --------------------------------------------------------------$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK (1 row)
假設用它來存密碼 :?
digoal=# create table userpwd(userid int8 primary key, pwd text); CREATE TABLE digoal=# insert into userpwd (userid,pwd) values (1, crypt('this is a pwd source', gen_salt('bf',10))); INSERT 0 1 輸入錯誤的密碼, 返回假 digoal=# select crypt('this is a error pwd source', pwd)=pwd from userpwd where userid =1;?column? ----------f (1 row) 輸入正確的密碼, 返回真 digoal=# select crypt('this is a pwd source', pwd)=pwd from userpwd where userid =1;?column? ----------t (1 row)
crypt支持的算法如下 :?
當然, crypt和gen_salt是以犧牲hash速度為代價來換取安全性的.
以上hash計算速度取自1.5G的奔騰4 CPU. 以及如下測試軟件 :
crypt-des and crypt-md5 algorithm numbers are taken from John the Ripper v1.6.38 -test output. md5 numbers are from mdcrack 1.2. sha1 numbers are from lcrack-20031130-beta. crypt-bf numbers are taken using a simple program that loops over 1000 8-character passwords. That way I can show the speed with different numbers of iterations. For reference: john -test shows 213 loops/sec for crypt-bf/5. (The very small difference in results is in accordance with the fact that the crypt-bf implementation in pgcrypto is the same one used in John the Ripper.)
原則上, iter_count的選擇以hash計算速度為準則, 以當前流行的CPU, 并且實測后取4-100每秒之間為宜.
5.?PGP 加密函數. PostgreSQL pgcrypto擴展包中的pgp加解密函數遵循OpenPGP (RFC 4880)標準. 加密的PGP消息由2部分組成 :? 1. 這個消息的會話密鑰, 會話密鑰可以是對稱密鑰或公鑰. 2. 使用該會話密鑰加密的數據, 可以選擇加密選項例如
compress-algo, unicode-mode, cipher-algo, compress-level, convert-crlf, disable-mdc, enable-session-key, s2k-mode, s2k-digest-algo, s2k-cipher-algo
使用對稱密鑰加解密的函數如下 :?
pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea pgp_sym_decrypt(msg bytea, psw text [, options text ]) returns text pgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea
options參考pgcrypto加密選項部分. 5.1 對稱加密舉例 :
使用對稱密鑰加密, 這里的對稱密鑰為'pwd'字符串 : digoal=# select pgp_sym_encrypt('i am digoal', 'pwd', 'cipher-algo=bf, compress-algo=2, compress-level=9');pgp_sym_encrypt ------------------------------------------------------------------------------------------------------------------------------------ --------------------------------\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab 1e2474ff6d109dd083ce892cfa55706 (1 row) 解密也需要使用加密時的對稱密鑰 : digoal=# select pgp_sym_decrypt('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706'::bytea, 'pwd');pgp_sym_decrypt -----------------i am digoal (1 row)
5.2 使用公鑰加解密的函數如下 :
pgp_pub_encrypt(data text, key bytea [, options text ]) returns bytea pgp_pub_encrypt_bytea(data bytea, key bytea [, options text ]) returns bytea pgp_pub_decrypt(msg bytea, key bytea [, psw text [, options text ]]) returns text pgp_pub_decrypt_bytea(msg bytea, key bytea [, psw text [, options text ]]) returns bytea
options參考pgcrypto加密選項部分. 公鑰加密舉例 :? 首先要使用gpg生成一對公鑰和密鑰. 當然你也可以生成很多對.? 加密用公鑰, 解密用對應的私鑰即可.? 公鑰和私鑰都可以放在客戶端, 這樣的話數據庫中只存儲加密后的數據, 攻擊者獲取數據后也無法對它進行解密. 生成一對公鑰密鑰
pg92@db-172-16-3-40-> gpg --gen-key gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.Please select what kind of key you want:(1) DSA and Elgamal (default)(2) DSA (sign only)(5) RSA (sign only) Your selection? 1 #選擇1 DSA keypair will have 1024 bits. ELG-E keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) #選擇2048 Requested keysize is 2048 bits Please specify how long the key should be valid.0 = key does not expire<n> = key expires in n days<n>w = key expires in n weeks<n>m = key expires in n months<n>y = key expires in n years Key is valid for? (0) #選擇0, 永不過期. Key does not expire at all Is this correct? (y/N) y #輸入yYou need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form:"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"Real name: digoal # 必須輸入的是name, 后面要用到這個name導出公鑰和密鑰. Email address: Comment: You selected this USER-ID:"digoal"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # 輸入O確認 You need a Passphrase to protect your secret key. # 這里可以選擇輸入保護密鑰的passphrase, 當然也可以不輸入留空. # 如果輸入了, 那么使用pgp_pub_decrypt函數解密數據時則需要輸入這個 passphrase. # 本例不輸入passphrase. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". # 馬上在另一個會話中執行ll -R /. 這樣可以讓服務器產生一些動作. 否則可能造成如下錯誤 : # Not enough random bytes available. Please do some other work to give We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++++++++++++.++++++++++.++++++++++..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.+++++.+++++.++++++++++++++++++++>.++++++++++....>+++++............<+++++............+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++++++++++++.+++++..+++++...+++++.+++++.++++++++++.++++++++++++++++++++..+++++.+++++.++++++++++..+++++++++++++++++++++++++.+++++++++++++++.++++++++++.+++++>.+++++.+++++>+++++.>+++++>+++++<+++++....+++++^^^ gpg: key 634F912F marked as ultimately trusted public and secret key created and signed.gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 1024D/634F912F 2013-05-25Key fingerprint = D2CD D9B8 F1C3 D940 33E9 9E94 DA32 0B23 634F 912F uid digoal sub 2048g/D670D845 2013-05-25
# 接下來要生成公鑰和密鑰. # 列出當前系統中的鑰匙串
pg92@db-172-16-3-40-> gpg --list-secret-keys /home/pg92/.gnupg/secring.gpg ----------------------------- sec 1024D/634F912F 2013-05-25 uid digoal ssb 2048g/D670D845 2013-05-25
# 導出uid=digoal的公鑰
pg92@db-172-16-3-40-> gpg -a --export digoal > public.key
# 導出uid=digoal的密鑰
pg92@db-172-16-3-40-> gpg -a --export-secret-keys digoal > secret.key
# 查看公鑰和密鑰內容 公鑰內容 :
pg92@db-172-16-3-40-> cat public.key -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux)mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAE ExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+R L6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5 Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZA 7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiW vqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJ vu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXR skehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjI +V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0RO kzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7 mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gH WDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlR 5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaP 2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2I SQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBk gRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4= =XGEV -----END PGP PUBLIC KEY BLOCK-----
私鑰內容 :?
pg92@db-172-16-3-40-> cat secret.key -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux)lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3 xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQV AggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvY TK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3 AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8 n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OL hVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz8 9g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfw f4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdH sAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZ 4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfY 6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOK AeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbh XNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045 xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6Z BTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jIL I2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZu NOxi =FwrW -----END PGP PRIVATE KEY BLOCK-----
# 使用公鑰加密數據, 使用私鑰解密數據時, # pgcrypto 需要字節流數據. # 所以在使用公鑰和私鑰前請先把他們轉換為bytea. 轉換公鑰為bytea :
digoal=# select dearmor('-----BEGIN PGP PUBLIC KEY BLOCK----- digoal'# Version: GnuPG v1.4.5 (GNU/Linux) digoal'# digoal'# mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y digoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt digoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ digoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P digoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF digoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAE digoal'# ExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+R digoal'# L6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5 digoal'# Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZA digoal'# 7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiW digoal'# vqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJ digoal'# vu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXR digoal'# skehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjI digoal'# +V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0RO digoal'# kzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7 digoal'# mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gH digoal'# WDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlR digoal'# 5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaP digoal'# 2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2I digoal'# SQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBk digoal'# gRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4= digoal'# =XGEV digoal'# -----END PGP PUBLIC KEY BLOCK-----'); 得到 \x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef93 2a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c 5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de 334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3 b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d362 1955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df766 2ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b0908070302041502080304160 20301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99a ab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4f d57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba4693 0612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4 f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a474 7b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f2 4f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03 668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce6 8af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ff d8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc 5ff86c79fbda87b4cee
轉換私鑰為bytea :?
digoal=# select dearmor('-----BEGIN PGP PRIVATE KEY BLOCK----- digoal'# Version: GnuPG v1.4.5 (GNU/Linux) digoal'# digoal'# lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y digoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt digoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ digoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P digoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF digoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3 digoal'# xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQV digoal'# AggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvY digoal'# TK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3 digoal'# AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8 digoal'# n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OL digoal'# hVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz8 digoal'# 9g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfw digoal'# f4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdH digoal'# sAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZ digoal'# 4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfY digoal'# 6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOK digoal'# AeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbh digoal'# XNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045 digoal'# xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6Z digoal'# BTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jIL digoal'# I2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZu digoal'# NOxi digoal'# =FwrW digoal'# -----END PGP PRIVATE KEY BLOCK-----'); 得到 : \x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef93 2a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c 5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de 334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3 b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d362 1955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df766 2ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020 020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eea bd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731 f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a4632 6b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930 413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5 a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd 52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb9 8fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf1 8d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4 e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb73 88813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e332 7bbc79bb241cda292656d81f66e34ec62
使用公鑰加密字符串'i am digoal' :?
digoal=# select pgp_pub_encrypt('i am digoal', '\x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc5ff86c79fbda87b4cee');
加密后的數據 :?
\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e 9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81a a4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5d d211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c 02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b522 0f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903 f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd4 9bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7 f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4
使用私鑰解密這串bytea.
digoal=# select pgp_pub_decrypt('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4','\x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb7388813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e3327bbc79bb241cda292656d81f66e34ec62');pgp_pub_decrypt -----------------i am digoal (1 row)
5.3 使用pgp_key_id可以在加密后的數據中取出這分數據是通過對稱密鑰還是公鑰加密的
pgp_key_id(bytea) returns text
例如 :
digoal=# select pgp_key_id('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706');pgp_key_id ------------SYMKEY (1 row) digoal=# select pgp_key_id('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4');pgp_key_id ------------------1B437BCCD670D845 (1 row)
5.4 使用以下函數可以將加密后的數據bytea, 轉換成PGP ASCII-armor格式. 或者反向轉換
armor(data bytea) returns text dearmor(data text) returns bytea
5.5 用于產生隨機的加密數據bytea的函數 :
gen_random_bytes(count integer) returns bytea
[小結] 1. crypt+gen_salt?加密速度慢, 被破解的難度高.?密碼字符串通常較短, 并且有非常高的安全要求, 所以比較適合用于對密碼字段進行加密. 2. 對稱加密則比較適合數據量較大, 并且有安全需求的加密. 通常為了使用方便加密的密鑰可以存儲在本地庫中, 為了提高安全, 也可以把加密的密鑰存儲在客戶端或者其他數據庫中. 3. 公鑰加密手段與對稱加密類似, 只是需要生成鑰匙對. 使用公鑰加密后的數據解密需要用到對應的私鑰. 如果私鑰加了passphrase保護, 解密時還需要提供私鑰的passphrase.
[參考]1.?http://www.postgresql.org/docs/9.3/static/pgcrypto.html 2.?http://www.gnupg.org/gph/en/manual.html
3.?http://blog.163.com/digoal@126/blog/static/163877040201342233131835/ 4.?http://blog.163.com/digoal@126/blog/static/163877040201342383123592/ 5.?http://blog.163.com/digoal@126/blog/static/163877040201342335842432/ 6.?http://blog.163.com/digoal@126/blog/static/1638770402013423384517/ 7.?http://blog.163.com/digoal@126/blog/static/163877040201342443944861/ 8. pgcrypto擴展包新建的函數 :
[root@db-172-16-3-33 extension]# cat pgcrypto--1.0.sql /* contrib/pgcrypto/pgcrypto--1.0.sql */-- complain if script is sourced in psql, rather than via CREATE EXTENSION \echo Use "CREATE EXTENSION pgcrypto" to load this file. \quitCREATE FUNCTION digest(text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_digest' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION digest(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_digest' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION hmac(text, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_hmac' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION hmac(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_hmac' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION crypt(text, text) RETURNS text AS 'MODULE_PATHNAME', 'pg_crypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION gen_salt(text) RETURNS text AS 'MODULE_PATHNAME', 'pg_gen_salt' LANGUAGE C VOLATILE STRICT;CREATE FUNCTION gen_salt(text, int4) RETURNS text AS 'MODULE_PATHNAME', 'pg_gen_salt_rounds' LANGUAGE C VOLATILE STRICT;CREATE FUNCTION encrypt(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_encrypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION decrypt(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_decrypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION encrypt_iv(bytea, bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_encrypt_iv' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION decrypt_iv(bytea, bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_decrypt_iv' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION gen_random_bytes(int4) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_random_bytes' LANGUAGE C VOLATILE STRICT;-- -- pgp_sym_encrypt(data, key) -- CREATE FUNCTION pgp_sym_encrypt(text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_sym_encrypt_bytea(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_sym_encrypt(data, key, args) -- CREATE FUNCTION pgp_sym_encrypt(text, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_sym_encrypt_bytea(bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_sym_decrypt(data, key) -- CREATE FUNCTION pgp_sym_decrypt(bytea, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_sym_decrypt_bytea(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_sym_decrypt(data, key, args) -- CREATE FUNCTION pgp_sym_decrypt(bytea, text, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_sym_decrypt_bytea(bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_encrypt(data, key) -- CREATE FUNCTION pgp_pub_encrypt(text, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_pub_encrypt_bytea(bytea, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_pub_encrypt(data, key, args) -- CREATE FUNCTION pgp_pub_encrypt(text, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_pub_encrypt_bytea(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_pub_decrypt(data, key) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_decrypt(data, key, psw) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_decrypt(data, key, psw, arg) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea, text, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- PGP key ID -- CREATE FUNCTION pgp_key_id(bytea) RETURNS text AS 'MODULE_PATHNAME', 'pgp_key_id_w' LANGUAGE C IMMUTABLE STRICT;-- -- pgp armor -- CREATE FUNCTION armor(bytea) RETURNS text AS 'MODULE_PATHNAME', 'pg_armor' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION dearmor(text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_dearmor' LANGUAGE C IMMUTABLE STRICT;
pg92@db-172-16-3-40-> psql -h 172.16.3.33 -p 1999 -U postgres digoal psql (9.2beta1, server 9.3devel) WARNING: psql version 9.2, server version 9.3.Some psql features might not work. SSL connection (cipher: RC4-SHA, bits: 128) Type "help" for help. digoal=# create extension pgcrypto; CREATE EXTENSION
2. 擴展包新建了一些加密和解密的函數. 詳見末尾部分.
下面主要針對新增的加解密函數進行講解. 3. 計算hash值的函數.
digest(data text, type text) returns bytea digest(data bytea, type text) returns bytea
type為算法.支持?md5, sha1, sha224, sha256, sha384, sha512. 如果編譯postgresql時時有了with-openssl選項, 則可以支持更多的算法. 例如 :
digoal=# select digest('I am digoal.', 'md5');digest ------------------------------------\xc3b0fb1147858d2259d92f20668fc8f9 (1 row) 每次運算得到的hash值都一樣. digoal=# select digest('I am digoal.', 'md5');digest ------------------------------------\xc3b0fb1147858d2259d92f20668fc8f9 (1 row)
但是請注意函數參數, 如果要對bytea hash, 那么請在輸入參數時指定參數類型bytea. 例如以下兩次調用分別調用了2個函數. 所以得到的結果也是不一樣的.
digoal=# select digest('\xffffff'::bytea, 'md5');digest ------------------------------------\x8597d4e7e65352a302b63e07bc01a7da (1 row) digoal=# select digest('\xffffff', 'md5');digest ------------------------------------\xd721f40e22920e0fd8ac7b13587aa92d (1 row)
hmac(data text, key text, type text) returns bytea hmac(data bytea, key text, type text) returns bytea 這兩個函數與digest類似, 只是多了一個key參數, 也就是說同一個被加密的值, 可以使用不同的key得到不同的hash值. 這樣的做法是, 不知道key的話, 也無法逆向破解原始值.? 使用hmac還有一個好處是, 使用digest如果原始值和hash值同時被別人修改了是無法知道是否被修改的. 但是使用hmac, 如果原始值被修改了, 同時key沒有泄漏的話, 那么hash值是無法被修改的, 因此就能夠知道原始值是否被修改過.
digoal=# select hmac('I am digoal.', 'this is a key', 'md5');hmac ------------------------------------\xc70d0fd2af2382ea8e0a7ffd9edcbd58 (1 row) digoal=# select hmac('I am digoal.', 'this is a key', 'md5');hmac ------------------------------------\xc70d0fd2af2382ea8e0a7ffd9edcbd58 (1 row) digoal=# select hmac('I am digoal.', 'this is b key', 'md5');hmac ------------------------------------\x4518090fb07fc672b66c829e43fd62dc (1 row) digoal=# select hmac('I am digoal.', 'this is b key', 'md5');hmac ------------------------------------\x4518090fb07fc672b66c829e43fd62dc (1 row)
如果key的長度超過了block size, 那么key會先hash一次, 然后hash值作為key.
4. 以上hash函數只要原始值一致, 每次得到的hash值是一樣的, 雖然hmac多了key的參數, 但是只要key和原始數據一樣, 得到的hash值也是一樣的. 這樣的加密很可能被逆向破解掉. 下面的2個函數主要是提高了逆向破解的難度, 增強了數據的安全性.
crypt(password text, salt text) returns text gen_salt(type text [, iter_count integer ]) returns text
crypt(), 用來計算hash值. gen_salt(), 用來產生隨機的參數給crypt. type參數為des, xdes, md5, bf. iter_count指迭代次數, 數字越大加密時間越長, 被破解需要的時間也越長.
Table F-16. Iteration Counts for?crypt()
| xdes | 725 | 1 | 16777215 |
| bf | 6 | 4 | 31 |
digoal=# select crypt('this is a pwd source', gen_salt('md5'));crypt ------------------------------------$1$CAp4ifAa$p261Vfku7HDnwx8cuFhsq/ (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$tvNK2H9mPu1tU5L6oAHdSeze5Hlz7G0y4oEKNg9SlGa06J2sywZHu (1 row)
# 每次運算可以得到不同的hash值.
digoal=# select crypt('this is a pwd source', gen_salt('md5'));crypt ------------------------------------$1$p2Sg93iZ$SCdUePtZVuyIJBDO1cEYh1 (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$cgJiTAs55vMBqYR1kGMGXuMKZI4dsayna4wgEL4K7duYkD0g25ufW (1 row)
原因是gen_salt每次都會給出1個隨機值.
digoal=# select gen_salt('bf',10);gen_salt -------------------------------$2a$10$qY0amXGalzj14rooSpTf5e (1 row) digoal=# select gen_salt('bf',10);gen_salt -------------------------------$2a$10$TmqxqmOd8R3scnPk25Pp2O (1 row)
計算好hash后匹配是怎么做的呢? 看下面, hash值作為第二個參數, 得到的值就是hash值. 所以這樣就可以進行匹配了.
digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK (1 row) digoal=# select crypt('this is a pwd source', gen_salt('bf',10));crypt --------------------------------------------------------------$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG (1 row) digoal=# select crypt('this is a pwd source', '$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG');crypt --------------------------------------------------------------$2a$10$X7D5eMxcaXNn.BPkPnb1GuSVxDUjNiO5M/9ss9GLHpgGq6s3hbPrG (1 row) digoal=# select crypt('this is a pwd source', '$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK');crypt --------------------------------------------------------------$2a$10$x5bQ0wcHc0.li1XcDbzSyOvpjPOKlzg.psbNaA33VH.gAfKbA7.IK (1 row)
假設用它來存密碼 :?
digoal=# create table userpwd(userid int8 primary key, pwd text); CREATE TABLE digoal=# insert into userpwd (userid,pwd) values (1, crypt('this is a pwd source', gen_salt('bf',10))); INSERT 0 1 輸入錯誤的密碼, 返回假 digoal=# select crypt('this is a error pwd source', pwd)=pwd from userpwd where userid =1;?column? ----------f (1 row) 輸入正確的密碼, 返回真 digoal=# select crypt('this is a pwd source', pwd)=pwd from userpwd where userid =1;?column? ----------t (1 row)
crypt支持的算法如下 :?
Table F-15. Supported Algorithms for?crypt()
| bf | 72 | yes | 128 | Blowfish-based, variant 2a |
| md5 | unlimited | no | 48 | MD5-based crypt |
| xdes | 8 | yes | 24 | Extended DES |
| des | 8 | no | 12 | Original UNIX crypt |
| crypt-bf/8 | 28 | 246 years | 251322 years |
| crypt-bf/7 | 57 | 121 years | 123457 years |
| crypt-bf/6 | 112 | 62 years | 62831 years |
| crypt-bf/5 | 211 | 33 years | 33351 years |
| crypt-md5 | 2681 | 2.6 years | 2625 years |
| crypt-des | 362837 | 7 days | 19 years |
| sha1 | 590223 | 4 days | 12 years |
| md5 | 2345086 | 1 day | 3 years |
crypt-des and crypt-md5 algorithm numbers are taken from John the Ripper v1.6.38 -test output. md5 numbers are from mdcrack 1.2. sha1 numbers are from lcrack-20031130-beta. crypt-bf numbers are taken using a simple program that loops over 1000 8-character passwords. That way I can show the speed with different numbers of iterations. For reference: john -test shows 213 loops/sec for crypt-bf/5. (The very small difference in results is in accordance with the fact that the crypt-bf implementation in pgcrypto is the same one used in John the Ripper.)
原則上, iter_count的選擇以hash計算速度為準則, 以當前流行的CPU, 并且實測后取4-100每秒之間為宜.
5.?PGP 加密函數. PostgreSQL pgcrypto擴展包中的pgp加解密函數遵循OpenPGP (RFC 4880)標準. 加密的PGP消息由2部分組成 :? 1. 這個消息的會話密鑰, 會話密鑰可以是對稱密鑰或公鑰. 2. 使用該會話密鑰加密的數據, 可以選擇加密選項例如
compress-algo, unicode-mode, cipher-algo, compress-level, convert-crlf, disable-mdc, enable-session-key, s2k-mode, s2k-digest-algo, s2k-cipher-algo
使用對稱密鑰加解密的函數如下 :?
pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea pgp_sym_decrypt(msg bytea, psw text [, options text ]) returns text pgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea
options參考pgcrypto加密選項部分. 5.1 對稱加密舉例 :
使用對稱密鑰加密, 這里的對稱密鑰為'pwd'字符串 : digoal=# select pgp_sym_encrypt('i am digoal', 'pwd', 'cipher-algo=bf, compress-algo=2, compress-level=9');pgp_sym_encrypt ------------------------------------------------------------------------------------------------------------------------------------ --------------------------------\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab 1e2474ff6d109dd083ce892cfa55706 (1 row) 解密也需要使用加密時的對稱密鑰 : digoal=# select pgp_sym_decrypt('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706'::bytea, 'pwd');pgp_sym_decrypt -----------------i am digoal (1 row)
5.2 使用公鑰加解密的函數如下 :
pgp_pub_encrypt(data text, key bytea [, options text ]) returns bytea pgp_pub_encrypt_bytea(data bytea, key bytea [, options text ]) returns bytea pgp_pub_decrypt(msg bytea, key bytea [, psw text [, options text ]]) returns text pgp_pub_decrypt_bytea(msg bytea, key bytea [, psw text [, options text ]]) returns bytea
options參考pgcrypto加密選項部分. 公鑰加密舉例 :? 首先要使用gpg生成一對公鑰和密鑰. 當然你也可以生成很多對.? 加密用公鑰, 解密用對應的私鑰即可.? 公鑰和私鑰都可以放在客戶端, 這樣的話數據庫中只存儲加密后的數據, 攻擊者獲取數據后也無法對它進行解密. 生成一對公鑰密鑰
pg92@db-172-16-3-40-> gpg --gen-key gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.Please select what kind of key you want:(1) DSA and Elgamal (default)(2) DSA (sign only)(5) RSA (sign only) Your selection? 1 #選擇1 DSA keypair will have 1024 bits. ELG-E keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) #選擇2048 Requested keysize is 2048 bits Please specify how long the key should be valid.0 = key does not expire<n> = key expires in n days<n>w = key expires in n weeks<n>m = key expires in n months<n>y = key expires in n years Key is valid for? (0) #選擇0, 永不過期. Key does not expire at all Is this correct? (y/N) y #輸入yYou need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form:"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"Real name: digoal # 必須輸入的是name, 后面要用到這個name導出公鑰和密鑰. Email address: Comment: You selected this USER-ID:"digoal"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # 輸入O確認 You need a Passphrase to protect your secret key. # 這里可以選擇輸入保護密鑰的passphrase, 當然也可以不輸入留空. # 如果輸入了, 那么使用pgp_pub_decrypt函數解密數據時則需要輸入這個 passphrase. # 本例不輸入passphrase. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". # 馬上在另一個會話中執行ll -R /. 這樣可以讓服務器產生一些動作. 否則可能造成如下錯誤 : # Not enough random bytes available. Please do some other work to give We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++++++++++++.++++++++++.++++++++++..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.+++++.+++++.++++++++++++++++++++>.++++++++++....>+++++............<+++++............+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++++++++++++.+++++..+++++...+++++.+++++.++++++++++.++++++++++++++++++++..+++++.+++++.++++++++++..+++++++++++++++++++++++++.+++++++++++++++.++++++++++.+++++>.+++++.+++++>+++++.>+++++>+++++<+++++....+++++^^^ gpg: key 634F912F marked as ultimately trusted public and secret key created and signed.gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 1024D/634F912F 2013-05-25Key fingerprint = D2CD D9B8 F1C3 D940 33E9 9E94 DA32 0B23 634F 912F uid digoal sub 2048g/D670D845 2013-05-25
# 接下來要生成公鑰和密鑰. # 列出當前系統中的鑰匙串
pg92@db-172-16-3-40-> gpg --list-secret-keys /home/pg92/.gnupg/secring.gpg ----------------------------- sec 1024D/634F912F 2013-05-25 uid digoal ssb 2048g/D670D845 2013-05-25
# 導出uid=digoal的公鑰
pg92@db-172-16-3-40-> gpg -a --export digoal > public.key
# 導出uid=digoal的密鑰
pg92@db-172-16-3-40-> gpg -a --export-secret-keys digoal > secret.key
# 查看公鑰和密鑰內容 公鑰內容 :
pg92@db-172-16-3-40-> cat public.key -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux)mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAE ExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+R L6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5 Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZA 7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiW vqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJ vu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXR skehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjI +V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0RO kzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7 mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gH WDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlR 5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaP 2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2I SQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBk gRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4= =XGEV -----END PGP PUBLIC KEY BLOCK-----
私鑰內容 :?
pg92@db-172-16-3-40-> cat secret.key -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux)lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3 xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQV AggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvY TK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3 AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8 n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OL hVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz8 9g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfw f4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdH sAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZ 4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfY 6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOK AeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbh XNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045 xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6Z BTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jIL I2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZu NOxi =FwrW -----END PGP PRIVATE KEY BLOCK-----
# 使用公鑰加密數據, 使用私鑰解密數據時, # pgcrypto 需要字節流數據. # 所以在使用公鑰和私鑰前請先把他們轉換為bytea. 轉換公鑰為bytea :
digoal=# select dearmor('-----BEGIN PGP PUBLIC KEY BLOCK----- digoal'# Version: GnuPG v1.4.5 (GNU/Linux) digoal'# digoal'# mQGiBFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y digoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt digoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ digoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P digoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF digoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUrQGZGlnb2FsiGAE digoal'# ExECACAFAlGgIDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDaMgsjY0+R digoal'# L6mpAJ97/he5t1uatNKyO5v00bfuq9hMrQCgyihwLNzCn3immQp1E8fsg0Rfmaq5 digoal'# Ag0EUaAgORAIAPf4AB8dn2tYQlqOu3cC4g+yD95RV+lxERWLwMNzH1aVuSmBQzZA digoal'# 7pZuAyt9Joy6kwgkcilWtP1XgwUQBnyfS5QOiqNAbDoKFZWxLVKPpvb8jk20zbiW digoal'# vqH9IUVlMaRjJrY1kdC1ckPFmx17k4uFU9GKFrfx/VukaTBhK3iByUD4JGUvmqKJ digoal'# vu3DX3JliIH4PJaBFxp/nOIy/66gPPz2DkSTBBNYTNVtMqkDLz2gcAWQ99TWsEXR digoal'# skehPk9FSUDvrs62vC7ZsGmwihSMt/B/gQHc9rmEs5RkqNfyYKUoI4d5UCQdWnjI digoal'# +V5Sppq6HQhRJ9M0ytoqmYJDKioKR0ewBQMAAwUH/jOZn7ei1rZLv0RP0Y+/E0RO digoal'# kzpNmMuP+mNvZNrf/PCd1SvPxFZ2MNnhB0JN9a1OjJD8otqqvxMujyTx5z0RqD+7 digoal'# mWKb/q96NpG+fApZNGt6YiTc4a9FV9jpf+fYZyfpOj/bmPpHIUtheGzx/+WIL9gH digoal'# WDiFR0nP9uXZoDZotuPqEsH2acoIE4oB4lLBvajuDtwnAZlajHMgXZD9W/xzdAlR digoal'# 5frfGNVIdvylwN2SOfSavl4VM4hG1uFc2J4szmivK0TesP1UcIdxnTlTvFieEqaP digoal'# 2rpG6WfVVO7N5ZiWXYOuazzRSEtfTjnGZRnx+WmkUb5KNvVhSg8F7oB7WrKMH/2I digoal'# SQQYEQIACQUCUaAgOQIbDAAKCRDaMgsjY0+RLx/TAJ4uAleVExWDEVSbNeqm9wBk digoal'# gRNGbgCeK648ARQH8pBNHcX/hsefvah7TO4= digoal'# =XGEV digoal'# -----END PGP PUBLIC KEY BLOCK-----'); 得到 \x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef93 2a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c 5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de 334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3 b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d362 1955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df766 2ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b0908070302041502080304160 20301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99a ab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4f d57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba4693 0612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4 f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a474 7b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f2 4f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03 668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce6 8af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ff d8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc 5ff86c79fbda87b4cee
轉換私鑰為bytea :?
digoal=# select dearmor('-----BEGIN PGP PRIVATE KEY BLOCK----- digoal'# Version: GnuPG v1.4.5 (GNU/Linux) digoal'# digoal'# lQG7BFGgIDgRBADALXrWA4PyT+Mj6be2Jl0kMeXItZqdqOp5fKOYNpWT2LqKBa9Y digoal'# RFMDZHSS1MIfjyDEi07O+TKm98haHBowbHB00qMXW6z6VAxtqdUBt9b0L52OwkA9 digoal'# awsclpalPvLwDAQGpxlJh7aQJ0hHjQRgvfTqJpOoCF4WoMVVSin5Ox2P4wCgzcr7 digoal'# FtLhbysH/Axqmx6Oc3wG3FMD/ij4ES38IDNAoacCOuWlA6MeaxWzgVka1Zl/h2kt digoal'# UVJOLeM0saF6Z570/RYYFASC5cVazCG9Gbq6a3WvCy6LW9hV5XZIOU1VBXYxaCP1 digoal'# sMeWgRSbVathdJMqbcz+kzqabiCVHDt5Q8k/TuIEvmkTnUbk1ca1GTxRJMhXYldZ digoal'# LDAcA/4hnPbjxUUtkQ9S6gP3Cih/8SOA/E4YIj5PK3S9nRc6OKZ9NiGVXmhqff8P digoal'# A4TmX08DiVclDzsaxpmB1yYUc44/rhEZ53XxKfHzjvowNKEevBm+cPEc0U9a5VSF digoal'# IBwfwuAAVbbfdmLKM+HcBsPc/3uRnNGRZX6mMvUAG9UCk50zUgAAn2j3pAZqpbN3 digoal'# xfFFL2YYhP+ePmrnCzm0BmRpZ29hbIhgBBMRAgAgBQJRoCA4AhsDBgsJCAcDAgQV digoal'# AggDBBYCAwECHgECF4AACgkQ2jILI2NPkS+pqQCfe/4XubdbmrTSsjub9NG37qvY digoal'# TK0AoMoocCzcwp94ppkKdRPH7INEX5mqnQI9BFGgIDkQCAD3+AAfHZ9rWEJajrt3 digoal'# AuIPsg/eUVfpcREVi8DDcx9WlbkpgUM2QO6WbgMrfSaMupMIJHIpVrT9V4MFEAZ8 digoal'# n0uUDoqjQGw6ChWVsS1Sj6b2/I5NtM24lr6h/SFFZTGkYya2NZHQtXJDxZsde5OL digoal'# hVPRiha38f1bpGkwYSt4gclA+CRlL5qiib7tw19yZYiB+DyWgRcaf5ziMv+uoDz8 digoal'# 9g5EkwQTWEzVbTKpAy89oHAFkPfU1rBF0bJHoT5PRUlA767Otrwu2bBpsIoUjLfw digoal'# f4EB3Pa5hLOUZKjX8mClKCOHeVAkHVp4yPleUqaauh0IUSfTNMraKpmCQyoqCkdH digoal'# sAUDAAMFB/4zmZ+3ota2S79ET9GPvxNETpM6TZjLj/pjb2Ta3/zwndUrz8RWdjDZ digoal'# 4QdCTfWtToyQ/KLaqr8TLo8k8ec9Eag/u5lim/6vejaRvnwKWTRremIk3OGvRVfY digoal'# 6X/n2Gcn6To/25j6RyFLYXhs8f/liC/YB1g4hUdJz/bl2aA2aLbj6hLB9mnKCBOK digoal'# AeJSwb2o7g7cJwGZWoxzIF2Q/Vv8c3QJUeX63xjVSHb8pcDdkjn0mr5eFTOIRtbh digoal'# XNieLM5orytE3rD9VHCHcZ05U7xYnhKmj9q6Ruln1VTuzeWYll2Drms80UhLX045 digoal'# xmUZ8flppFG+Sjb1YUoPBe6Ae1qyjB/9AAFUCNmPaOMHsDg6bZpo7ApZJbJsiW6Z digoal'# BTCojWYF4E2C+5bPQoietziIE5V6LhPdiEkEGBECAAkFAlGgIDkCGwwACgkQ2jIL digoal'# I2NPkS8f0wCgpSCnhRw+soY+Fpg5t7IHjusqNt0An0EeMye7x5uyQc2ikmVtgfZu digoal'# NOxi digoal'# =FwrW digoal'# -----END PGP PRIVATE KEY BLOCK-----'); 得到 : \x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef93 2a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c 5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de 334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3 b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d362 1955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df766 2ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020 020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eea bd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731 f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a4632 6b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930 413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5 a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd 52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb9 8fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf1 8d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4 e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb73 88813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e332 7bbc79bb241cda292656d81f66e34ec62
使用公鑰加密字符串'i am digoal' :?
digoal=# select pgp_pub_encrypt('i am digoal', '\x9901a20451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d3352b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aab9020d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd3009e2e02579513158311549b35eaa6f700648113466e009e2bae3c011407f2904d1dc5ff86c79fbda87b4cee');
加密后的數據 :?
\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e 9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81a a4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5d d211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c 02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b522 0f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903 f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd4 9bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7 f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4
使用私鑰解密這串bytea.
digoal=# select pgp_pub_decrypt('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4','\x9501bb0451a02038110400c02d7ad60383f24fe323e9b7b6265d2431e5c8b59a9da8ea797ca398369593d8ba8a05af58445303647492d4c21f8f20c48b4ecef932a6f7c85a1c1a306c7074d2a3175bacfa540c6da9d501b7d6f42f9d8ec2403d6b0b1c9696a53ef2f00c0406a7194987b6902748478d0460bdf4ea2693a8085e16a0c5554a29f93b1d8fe300a0cdcafb16d2e16f2b07fc0c6a9b1e8e737c06dc5303fe28f8112dfc203340a1a7023ae5a503a31e6b15b381591ad5997f87692d51524e2de334b1a17a679ef4fd1618140482e5c55acc21bd19baba6b75af0b2e8b5bd855e57648394d550576316823f5b0c79681149b55ab6174932a6dccfe933a9a6e20951c3b7943c93f4ee204be69139d46e4d5c6b5193c5124c8576257592c301c03fe219cf6e3c5452d910f52ea03f70a287ff12380fc4e18223e4f2b74bd9d173a38a67d3621955e686a7dff0f0384e65f4f038957250f3b1ac69981d72614738e3fae1119e775f129f1f38efa3034a11ebc19be70f11cd14f5ae55485201c1fc2e00055b6df7662ca33e1dc06c3dcff7b919cd191657ea632f5001bd502939d335200009f68f7a4066aa5b377c5f1452f661884ff9e3e6ae70b39b4066469676f616c8860041311020020050251a02038021b03060b090807030204150208030416020301021e01021780000a0910da320b23634f912fa9a9009f7bfe17b9b75b9ab4d2b23b9bf4d1b7eeabd84cad00a0ca28702cdcc29f78a6990a7513c7ec83445f99aa9d023d0451a02039100800f7f8001f1d9f6b58425a8ebb7702e20fb20fde5157e97111158bc0c3731f5695b92981433640ee966e032b7d268cba930824722956b4fd57830510067c9f4b940e8aa3406c3a0a1595b12d528fa6f6fc8e4db4cdb896bea1fd21456531a46326b63591d0b57243c59b1d7b938b8553d18a16b7f1fd5ba46930612b7881c940f824652f9aa289beedc35f72658881f83c9681171a7f9ce232ffaea03cfcf60e44930413584cd56d32a9032f3da0700590f7d4d6b045d1b247a13e4f454940efaeceb6bc2ed9b069b08a148cb7f07f8101dcf6b984b39464a8d7f260a52823877950241d5a78c8f95e52a69aba1d085127d334cada2a9982432a2a0a4747b0050300030507fe33999fb7a2d6b64bbf444fd18fbf13444e933a4d98cb8ffa636f64dadffcf09dd52bcfc4567630d9e107424df5ad4e8c90fca2daaabf132e8f24f1e73d11a83fbb99629bfeaf7a3691be7c0a59346b7a6224dce1af4557d8e97fe7d86727e93a3fdb98fa47214b61786cf1ffe5882fd8075838854749cff6e5d9a03668b6e3ea12c1f669ca08138a01e252c1bda8ee0edc2701995a8c73205d90fd5bfc73740951e5fadf18d54876fca5c0dd9239f49abe5e15338846d6e15cd89e2cce68af2b44deb0fd547087719d3953bc589e12a68fdaba46e967d554eecde598965d83ae6b3cd1484b5f4e39c66519f1f969a451be4a36f5614a0f05ee807b5ab28c1ffd00015408d98f68e307b0383a6d9a68ec0a5925b26c896e990530a88d6605e04d82fb96cf42889eb7388813957a2e13dd8849041811020009050251a02039021b0c000a0910da320b23634f912f1fd300a0a520a7851c3eb2863e169839b7b2078eeb2a36dd009f411e3327bbc79bb241cda292656d81f66e34ec62');pgp_pub_decrypt -----------------i am digoal (1 row)
5.3 使用pgp_key_id可以在加密后的數據中取出這分數據是通過對稱密鑰還是公鑰加密的
pgp_key_id(bytea) returns text
例如 :
digoal=# select pgp_key_id('\xc30d0404030245811e051118cc136ed23f0198808f069b53264d4a08c2b5dcf3b1c39a34d091263f7f6b64a14808e6ffb32ccc09749105b9cc062d70c628357ab1e2474ff6d109dd083ce892cfa55706');pgp_key_id ------------SYMKEY (1 row) digoal=# select pgp_key_id('\xc1c14e031b437bccd670d8451007fe2d921731879c4044946d8f5fc88fb40d4701895534d8d370882ac22b8ea899b014df1a835d3d5520a681c184816acef966e9a57201810eee18136dd8a148d81811de3f39ebaa7ada4e022fa3ce0f5d62937cad62ef28dbef8864f78c48f56ae932e8b2361d74dd3792388689e1443a77a06b81aa4a0bf0cb1d3158130c097d4f22483609e8c317914f3b99966d9274856884894917a1d0b1389ad62d303600edaed7edba52b9fd3890386fa9579089dbbe60124ba5dd211a710fb352e7400e2b13c139b6b9a7fc03308852ac19447afd01e660be6a72b4a2c0985f8abc66fbb874455c6f83cec73b51269538be7cc43229c37ae5658102c02c44e73cd60866550800dbbb466956161875455f5554db33b52b6897d78c8613a75d6627cd7cc5be2f5685bc67bcce04f2d9aef40404bd10ac1a5b3510c60c9b5220f2e8c87564ca133529282c04766aa902dddd19b2da3ddd8b5d95991276c4bcff6c720fa32522898567bb93bacef655f35c6b92bf72d6f75442b37f3c5fa05b1c903f25ff470e69340c946a2d985d2f384c7c1f99f7df8f0189366189af895d1615d6974adafeea2519e27b5b82a5d094a20fb8215bf7ed3f0f58c58b5fbe331da0bcfd49bf94426ba2e5db02b43a54ac9046fb11238e010b10cf4d9fec036ce1abb695b5462934f968682da6861583b58695b312a3d511b5e8091f6668ad116199567b453d7f51dfd23c0142070d0559e7e63c8ca3ed9363937184b90e273948e3dc80f121074f0f0b01f980a2d534683fc4b45131380cd70a564f33b72e6c812d858695dbb4');pgp_key_id ------------------1B437BCCD670D845 (1 row)
5.4 使用以下函數可以將加密后的數據bytea, 轉換成PGP ASCII-armor格式. 或者反向轉換
armor(data bytea) returns text dearmor(data text) returns bytea
5.5 用于產生隨機的加密數據bytea的函數 :
gen_random_bytes(count integer) returns bytea
[小結] 1. crypt+gen_salt?加密速度慢, 被破解的難度高.?密碼字符串通常較短, 并且有非常高的安全要求, 所以比較適合用于對密碼字段進行加密. 2. 對稱加密則比較適合數據量較大, 并且有安全需求的加密. 通常為了使用方便加密的密鑰可以存儲在本地庫中, 為了提高安全, 也可以把加密的密鑰存儲在客戶端或者其他數據庫中. 3. 公鑰加密手段與對稱加密類似, 只是需要生成鑰匙對. 使用公鑰加密后的數據解密需要用到對應的私鑰. 如果私鑰加了passphrase保護, 解密時還需要提供私鑰的passphrase.
[參考]1.?http://www.postgresql.org/docs/9.3/static/pgcrypto.html 2.?http://www.gnupg.org/gph/en/manual.html
3.?http://blog.163.com/digoal@126/blog/static/163877040201342233131835/ 4.?http://blog.163.com/digoal@126/blog/static/163877040201342383123592/ 5.?http://blog.163.com/digoal@126/blog/static/163877040201342335842432/ 6.?http://blog.163.com/digoal@126/blog/static/1638770402013423384517/ 7.?http://blog.163.com/digoal@126/blog/static/163877040201342443944861/ 8. pgcrypto擴展包新建的函數 :
[root@db-172-16-3-33 extension]# cat pgcrypto--1.0.sql /* contrib/pgcrypto/pgcrypto--1.0.sql */-- complain if script is sourced in psql, rather than via CREATE EXTENSION \echo Use "CREATE EXTENSION pgcrypto" to load this file. \quitCREATE FUNCTION digest(text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_digest' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION digest(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_digest' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION hmac(text, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_hmac' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION hmac(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_hmac' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION crypt(text, text) RETURNS text AS 'MODULE_PATHNAME', 'pg_crypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION gen_salt(text) RETURNS text AS 'MODULE_PATHNAME', 'pg_gen_salt' LANGUAGE C VOLATILE STRICT;CREATE FUNCTION gen_salt(text, int4) RETURNS text AS 'MODULE_PATHNAME', 'pg_gen_salt_rounds' LANGUAGE C VOLATILE STRICT;CREATE FUNCTION encrypt(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_encrypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION decrypt(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_decrypt' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION encrypt_iv(bytea, bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_encrypt_iv' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION decrypt_iv(bytea, bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_decrypt_iv' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION gen_random_bytes(int4) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_random_bytes' LANGUAGE C VOLATILE STRICT;-- -- pgp_sym_encrypt(data, key) -- CREATE FUNCTION pgp_sym_encrypt(text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_sym_encrypt_bytea(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_sym_encrypt(data, key, args) -- CREATE FUNCTION pgp_sym_encrypt(text, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_sym_encrypt_bytea(bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_sym_decrypt(data, key) -- CREATE FUNCTION pgp_sym_decrypt(bytea, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_sym_decrypt_bytea(bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_sym_decrypt(data, key, args) -- CREATE FUNCTION pgp_sym_decrypt(bytea, text, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_sym_decrypt_bytea(bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_sym_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_encrypt(data, key) -- CREATE FUNCTION pgp_pub_encrypt(text, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_pub_encrypt_bytea(bytea, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_pub_encrypt(data, key, args) -- CREATE FUNCTION pgp_pub_encrypt(text, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_text' LANGUAGE C STRICT;CREATE FUNCTION pgp_pub_encrypt_bytea(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_encrypt_bytea' LANGUAGE C STRICT;-- -- pgp_pub_decrypt(data, key) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_decrypt(data, key, psw) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- pgp_pub_decrypt(data, key, psw, arg) -- CREATE FUNCTION pgp_pub_decrypt(bytea, bytea, text, text) RETURNS text AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_text' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION pgp_pub_decrypt_bytea(bytea, bytea, text, text) RETURNS bytea AS 'MODULE_PATHNAME', 'pgp_pub_decrypt_bytea' LANGUAGE C IMMUTABLE STRICT;-- -- PGP key ID -- CREATE FUNCTION pgp_key_id(bytea) RETURNS text AS 'MODULE_PATHNAME', 'pgp_key_id_w' LANGUAGE C IMMUTABLE STRICT;-- -- pgp armor -- CREATE FUNCTION armor(bytea) RETURNS text AS 'MODULE_PATHNAME', 'pg_armor' LANGUAGE C IMMUTABLE STRICT;CREATE FUNCTION dearmor(text) RETURNS bytea AS 'MODULE_PATHNAME', 'pg_dearmor' LANGUAGE C IMMUTABLE STRICT;
總結
以上是生活随笔為你收集整理的PostgreSQL column cryptographic use pgcrypto extension and optional openssl lib的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: power bi 雷达图_【深度解析】基
- 下一篇: dm连接mysql_DM数据库JDBC连