运行以下命令,并将content_file,signature_file和id_rsa.pub(或pem)的内容插入到Postgres数据库中。
openssl dgst -sign id_rsa content_file > signature_file
有没有办法验证签名是否与Postgres中的内容/公钥相对应?
我查看了pgcrypto函数,但唯一相关的函数似乎是pgp_pub_decrypt需要密钥。
基本上我希望在Postgres中执行以下操作:
openssl dgst -verify .\id_rsa.pem -signature .\signature_file .\content_file
答案 0 :(得分:0)
根据克雷格的建议,我最终使用plpythonu来解决这个问题。
CREATE OR REPLACE FUNCTION api.verify(
p_data text,
p_signature text,
p_publickey text
)
RETURNS boolean AS
$$
try:
import rsa
pubkey = rsa.PublicKey.load_pkcs1(p_publickey)
signature = bytearray.fromhex(p_signature)
verified = rsa.verify(p_data, signature, pubkey)
return verified
except:
return False
$$ LANGUAGE plpythonu VOLATILE
SECURITY DEFINER;
由于我缺乏python知识,最难的部分实际上是设置所需的python包(在我的情况下是Docker环境)。以下是Dockerfile的相关摘录:
FROM postgres:9.6
# Install necessary python packages to work with postgres
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
"postgresql-plpython-$PG_MAJOR" \
&& apt-get install -y python-pip python-dev
# Install python rsa module for signature verification
RUN pip install rsa
根据以下参数,该功能起作用:
-- Generate private key. Provide secure passphrase when prompted.
openssl genrsa -aes256 -out private.pem 4096
--Export public KEY
openssl rsa -in private.pem -RSAPublicKey_out -out public.pem
--Sign data. Provide secure passphrase when prompted.
--Remove first line (RSA-SHA256(data.txt)=) when passing into database verify function.
openssl dgst -hex -sign private.pem data.txt > signature.txt