As it's not well documented yet (sorry) I'm following up to add signing is done with `crypto_sign()` and `crypto_sign_open()`
https://github.com/michelp/pgsodium/blob/master/test.sql#L73 On Wed, May 27, 2020 at 2:42 PM Michel Pelletier <pelletier.mic...@gmail.com> wrote: > Hi Marc, > > You can sign content with pgsodium: > > https://github.com/michelp/pgsodium > > On Tue, May 26, 2020 at 12:21 PM Marc Munro <m...@bloodnok.com> wrote: > >> On Tue, 2020-05-26 at 12:04 -0700, Adrian Klaver wrote: >> > On 5/26/20 12:01 PM, Marc Munro wrote: >> > > I need to be able to cryptographically sign objects in my database >> > > using a public key scheme. >> > > [ . . . ] >> > > Any other options? Am I missing something? >> > >> > https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.7 >> >> I looked at that but I must be missing something. In order to usefully >> sign something, the private, secret, key must be used to encrypt a >> disgest of the thing being signed (something of a simplification, but >> that's the gist). This can then be verified, by anyone, using the >> public key. >> >> But the pgcrypto functions, for good reasons, do not allow the private >> (secret) key to be used in this way. Encryption and signing algorithms >> are necessarily different as the secret key must be protected; and we >> don't want signatures to be huge, and it seems that pgcrypto has not >> implemented signing algorithms. >> >> What am I missing? >> >> __ >> Marc >> >> >>