
I'm trying to set the cipher algorithm (Postgres 9.6 or 12 / pgcrypto module) for encryption and decryption, but realized that pgp_sym_encrypt and pgp_sym_decrypt work with different algorithms. I don't understand why the statements below work with different cipher algorithms, encrypting with aes128 and decrypting with aes256 or vice versa; I expected an error. Is there any mistake?

```sql
select pgp_sym_decrypt(pgp_sym_encrypt('secretvalue', 'secretkey', 'cipher-algo=aes128'), 'secretkey', 'cipher-algo=aes256');

select pgp_sym_decrypt(pgp_sym_encrypt('secretvalue', 'secretkey', 'cipher-algo=aes256'), 'secretkey', 'cipher-algo=aes128');
```
nikli
  • The `cipher-algo` parameter seems to be used only for `pgp_sym_encrypt` and _not_ for `pgp_sym_decrypt`, where the latter gets the parameters from the PGP data: _F.25.3.8. Options for PGP Functions: All of the options except convert-crlf apply only to encrypt functions. Decrypt functions get the parameters from the PGP data._ and _F.25.3.8.1. cipher-algo: Applies to: pgp_sym_encrypt, pgp_pub_encrypt_, see [F.25. pgcrypto](https://www.postgresql.org/docs/12/pgcrypto.html). Probably the `cipher-algo` parameter in the `pgp_sym_decrypt` call is simply ignored in the posted code snippet. – Topaco Dec 18 '19 at 08:26
  • Hi Nikli. Does this help? "The actual encryption algorithm is almost the same between all variants of AES. They all take a 128-bit block and apply a sequence of identical "rounds" Ref https://crypto.stackexchange.com/a/1527/75266 – Dec 18 '19 at 09:17
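
The first comment's point, that decrypt functions get their parameters from the PGP data, can be checked by reading the cipher id out of the message header. This is an added example, not part of the original thread: the function names and the sample bytes are constructed for illustration, and it assumes the message begins with a version 4 symmetric-key encrypted session key packet (RFC 4880, tag 3), supplied for instance as the hex from `encode(pgp_sym_encrypt(...), 'hex')`.

```python
# Added example: read the cipher id from the first OpenPGP packet (RFC 4880).
# Symmetric algorithm ids from RFC 4880 section 9.2 that pgcrypto can select.
CIPHERS = {2: "3des", 3: "cast5", 4: "bf", 7: "aes128", 8: "aes192", 9: "aes256"}

def read_packet_header(data):
    """Return (tag, body_offset, body_length) of the first packet."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            return tag, 2, o1
        if o1 < 224:
            return tag, 3, ((o1 - 192) << 8) + data[2] + 192
        if o1 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body length not valid for this packet")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not supported")
    size = 1 << ltype
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")

def skesk_cipher(data):
    """Name the cipher recorded in a v4 symmetric-key ESK packet (tag 3)."""
    tag, off, length = read_packet_header(data)
    body = data[off:off + length]
    if tag != 3 or len(body) < 2 or body[0] != 4:
        raise ValueError("message does not start with a v4 tag-3 packet")
    return CIPHERS.get(body[1], f"unknown({body[1]})")

def cipher_from_hex(text):
    """Accept hex as printed by encode(..., 'hex') or bytea's \\x form."""
    text = text.strip()
    return skesk_cipher(bytes.fromhex(text[2:] if text.startswith("\\x") else text))

def sample(cipher_id):
    # Constructed header, not captured output: tag 3, length 13, version 4,
    # cipher id, iterated+salted S2K (type 3, SHA-1), zero salt, count octet.
    return bytes([0xC3, 0x0D, 0x04, cipher_id, 0x03, 0x02]) + bytes(8) + b"\x60"

if __name__ == "__main__":
    for cid in (7, 9):
        print(cid, skesk_cipher(sample(cid)))
```

Because the cipher id is stored in the message itself, the decrypting side has what it needs without a `cipher-algo` option.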
