PostgreSQL 对称加密、非对称加密用法介绍

概述点击有惊喜 标签 PostgreSQL , 对称加密 , 非对称加密 , Symmetric , ASymmetric , public , private , pgcrypto , 区块链 背景 对称加密方法，指加密和解密使用同一把密钥的方法。优势是加密速度快，缺陷是密钥只有一把，安全性较低。 非对称加密方法，指加密和解密用到一对钥匙，一把为私钥，一把为公钥。通常的用法是公钥用于加密，私钥用于解

点击有惊喜

标签

Postgresql,对称加密,非对称加密,Symmetric,asymmetric,public,private,pgcrypto,区块链

---

背景

对称加密方法，指加密和解密使用同一把密钥的方法。优势是加密速度快，缺陷是密钥只有一把，安全性较低。

非对称加密方法，指加密和解密用到一对钥匙，一把为私钥，一把为公钥。通常的用法是公钥用于加密，私钥用于解密。优势是更加安全，你自己只要保护好私钥，就可以保证别人给你发的数据无法被篡改、窃听。缺陷是加解密效率比对称加密更差一些。

混合加密，指发送大量加密数据前，首先使用非对称加密，将对称加密的密钥加密发送给对端，然后双方使用对称加密通讯。时长更改对称加密的密钥来保证安全。

Postgresql pgcrypto插件，同时支持对称和非对称加密，详细用法参考:

https://www.postgresql.org/docs/devel/static/pgcrypto.html

用法介绍 一、对称加密

加密和解密使用同一把钥匙。

1、加密

postgres=# \x Expanded display is on.  postgres=# select pgp_sym_encrypt('需要加密的文字，你好呀，我是digoal.','this is password','cipher-algo=aes256,compress-algo=2'); -[ RECORD 1 ]---+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  pgp_sym_encrypt | \xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369

2、解密

# select pgp_sym_decrypt('\xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369','this is password'); -[ RECORD 1 ]---+------------------------------------  pgp_sym_decrypt | 需要加密的文字，你好呀，我是digoal.

二、非对称加密

由于非对称加解密使用的是一对公钥和密钥，首先需要生成一对公钥和密钥。

使用gpg --gen-key可以生成。

以linux系统为例。

安装、启动rng-tools

为了快速生成随机数，需要安装rng-tools。（产生公钥与密钥时，需要一些随机数）

yum install -y rng-tools

启动rngd，生成随机数

rngd    read error    hwrng: no available rng  Unable to open file: /dev/tpm0

# ps -ewf|grep rngd root     14762     1  0 14:52 ?        00:00 rngd  root     14767 12394  52 pts/4    00 grep --color=auto rngd

生成一对公钥和密钥

1、

# gpg --gen-key gpg (GnuPG) 2.0.22; copyright (C) 2013 Free Software Foundation,Inc.  This is free software: you are free to change and redistribute it.  There is NO WARRANTY,to the extent permitted by law.

2、输入KEY类别，选择2

Please select what kind of key you want:     (1) RSA and RSA (default)     (2) DSA and Elgamal     (3) DSA (sign only)     (4) RSA (only)  Your selection? 2

3、选择KEY的长度

DSA keys may be between 1024 and 3072 bits long.  What keysize do you want? (2048)   Requested keysize is 2048 bits

4、输入KEY的有效时间，这里输入的是10年

Please specify how long the key should be valID.           0 = key does not expire        <n>  = key expires in n days        <n>w = key expires in n weeks        <n>m = key expires in n months        <n>y = key expires in n years  Key is valID for? (0) 10y  Key expires at Thu 24 Feb 2028 02:52:09 PM CST

5、是否正确

Is this correct? (y/N) y

6、输入KEY的标识

GnuPG needs to construct a user ID IDentify your key.    Real name: digoal  Email address: digoal@126.com  Comment: test  You selected this USER-ID:      @H_419_257@"digoal (test) <digoal@126.com>"

7、确认

Change (N)ame,(C)omment,(E)mail or (O)kay/(Q)uit? O

8、输入私有密钥的保护密码

You need a Passphrase to protect your secret key.  假设这里输入了 hello123   lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk  x Enter passphrase                                    x  x                                                     x  x                                                     x  x Passphrase ********____________ x  x                                                     x  x       <OK>                             <Cancel>     x  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj   lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk  x Please re-enter this passphrase                     x  x                                                     x  x Passphrase Cancel>     x  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

生成好后，也能设置密码

# gpg --passwd "digoal (test) <digoal@126.com>"  lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk  x Please enter the passphrase to unlock the secret key for the OpenPGP certificate:  x  x "digoal (test) <digoal@126.com>"                                                   x  x 2048-bit DSA key,ID 42CF57DB,x  x created 2018-02-26.                                                                x  x                                                                                    x  x                                                                                    x  x Passphrase ****_______ x  x                                                                                    x  x            <OK>                                                  <Cancel>          x  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj   Enter the new passphrase for this secret key.    9、生成密钥过程中，需要机器有一定的随机输入，所以我们前面启动了rngd
  
We need to generate a lot of random bytes. It is a good IDea to perform  some other action (type on the keyboard,move the mouse,utilize the  disks) during the prime generation; this gives the random number  generator a better chance to gain enough entropy.  gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size We need to generate a lot of random bytes. It is a good IDea to perform some other action (type on the keyboard,utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. 
  
  
点击有惊喜
             总结       
以上是内存溢出为你收集整理的PostgreSQL 对称加密、非对称加密用法介绍全部内容，希望文章能够帮你解决PostgreSQL 对称加密、非对称加密用法介绍所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。
					
										


					

						
欢迎分享，转载请注明来源：内存溢出
原文地址: http://outofmemory.cn/sjk/1171422.html