PostgreSQL 对称加密、非对称加密用法介绍
2018-03-01 17:04
309 查看
点击有惊喜
PostgreSQL , 对称加密 , 非对称加密 , Symmetric , ASymmetric , public , private , pgcrypto , 区块链
对称加密方法,指加密和解密使用同一把密钥的方法。优势是加密速度快,缺陷是密钥只有一把,安全性较低。
非对称加密方法,指加密和解密用到一对钥匙,一把为私钥,一把为公钥。通常的用法是公钥用于加密,私钥用于解密。优势是更加安全,你自己只要保护好私钥,就可以保证别人给你发的数据无法被篡改、窃听。缺陷是加解密效率比对称加密更差一些。
混合加密,指发送大量加密数据前,首先使用非对称加密,将对称加密的密钥加密发送给对端,然后双方使用对称加密通讯。时长更改对称加密的密钥来保证安全。
PostgreSQL pgcrypto插件,同时支持对称和非对称加密,详细用法参考:
https://www.postgresql.org/docs/devel/static/pgcrypto.html
加密和解密使用同一把钥匙。
1、加密
2、解密
由于非对称加解密使用的是一对公钥和密钥,首先需要生成一对公钥和密钥。
使用
以Linux系统为例。
为了快速生成随机数,需要安装rng-tools。(产生公钥与密钥时,需要一些随机数)
启动rngd,生成随机数
1、
2、输入KEY类别,选择2
3、选择KEY的长度
4、输入KEY的有效时间,这里输入的是10年
5、是否正确
6、输入KEY的标识
7、确认
8、输入私有密钥的保护密码
生成好后,也能设置密码
9、生成密钥过程中,需要机器有一定的随机输入,所以我们前面启动了rngd
点击有惊喜
标签
PostgreSQL , 对称加密 , 非对称加密 , Symmetric , ASymmetric , public , private , pgcrypto , 区块链
背景
对称加密方法,指加密和解密使用同一把密钥的方法。优势是加密速度快,缺陷是密钥只有一把,安全性较低。非对称加密方法,指加密和解密用到一对钥匙,一把为私钥,一把为公钥。通常的用法是公钥用于加密,私钥用于解密。优势是更加安全,你自己只要保护好私钥,就可以保证别人给你发的数据无法被篡改、窃听。缺陷是加解密效率比对称加密更差一些。
混合加密,指发送大量加密数据前,首先使用非对称加密,将对称加密的密钥加密发送给对端,然后双方使用对称加密通讯。时长更改对称加密的密钥来保证安全。
PostgreSQL pgcrypto插件,同时支持对称和非对称加密,详细用法参考:
https://www.postgresql.org/docs/devel/static/pgcrypto.html
用法介绍
一、对称加密
加密和解密使用同一把钥匙。1、加密
postgres=# \x Expanded display is on. postgres=# select pgp_sym_encrypt('需要加密的文字,你好呀,我是digoal.', 'this is password', 'cipher-algo=aes256, compress-algo=2'); -[ RECORD 1 ]---+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- pgp_sym_encrypt | \xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369
2、解密
postgres=# select pgp_sym_decrypt('\xc30d040903022bdfd5bc64a755e072d27001818495e940d555f02711fed0cce27265d8955af6a669c6996dfd805dbfdf45c0e81ceb7aff8ced8dad51a812127043674720e054e4bf8738048b5e57df3b87b1f786270db0dddb14a9bc89701a53fc6d9a597861a818f7bb38f085ca7c413af25c68344f4676f62aa1a72c76183369', 'this is password'); -[ RECORD 1 ]---+------------------------------------ pgp_sym_decrypt | 需要加密的文字,你好呀,我是digoal.
二、非对称加密
由于非对称加解密使用的是一对公钥和密钥,首先需要生成一对公钥和密钥。使用
gpg --gen-key可以生成。
以Linux系统为例。
安装、启动rng-tools
为了快速生成随机数,需要安装rng-tools。(产生公钥与密钥时,需要一些随机数)yum install -y rng-tools
启动rngd,生成随机数
rngd read error hwrng: no available rng Unable to open file: /dev/tpm0
# ps -ewf|grep rngd root 14762 1 0 14:52 ? 00:00:00 rngd root 14767 12394 0 14:52 pts/4 00:00:00 grep --color=auto rngd
生成一对公钥和密钥
1、# gpg --gen-key gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
2、输入KEY类别,选择2
Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 2
3、选择KEY的长度
DSA keys may be between 1024 and 3072 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits
4、输入KEY的有效时间,这里输入的是10年
Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 10y Key expires at Thu 24 Feb 2028 02:52:09 PM CST
5、是否正确
Is this correct? (y/N) y
6、输入KEY的标识
GnuPG needs to construct a user ID to identify your key. Real name: digoal Email address: digoal@126.com Comment: test You selected this USER-ID: "digoal (test) <digoal@126.com>"
7、确认
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
8、输入私有密钥的保护密码
You need a Passphrase to protect your secret key. 假设这里输入了 hello123 lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Enter passphrase x x x x x x Passphrase ********________________________________ x x x x <OK> <Cancel> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Please re-enter this passphrase x x x x Passphrase ********________________________________ x x x x <OK> <Cancel> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
生成好后,也能设置密码
# gpg --passwd "digoal (test) <digoal@126.com>" lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Please enter the passphrase to unlock the secret key for the OpenPGP certificate: x x "digoal (test) <digoal@126.com>" x x 2048-bit DSA key, ID 42CF57DB, x x created 2018-02-26. x x x x x x Passphrase *********______________________________________________________________ x x x x <OK> <Cancel> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj Enter the new passphrase for this secret key. lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Enter passphrase x x x x x x Passphrase ********________________________________ x x x x <OK> <Cancel> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Please re-enter this passphrase x x x x Passphrase ********________________________________ x x x x <OK> <Cancel> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
9、生成密钥过程中,需要机器有一定的随机输入,所以我们前面启动了rngd
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
点击有惊喜
相关文章推荐
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- SSH HTTPS 公钥、秘钥、对称加密、非对称加密 介绍
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密和非对称加密介绍和区别
- 对称加密、非对称加密、单项散列加密介绍
- 对称加密和非对称加密介绍和区别
- 单向散列加密,对称加密,非对称加密
- 对称加密与非对称加密
- 对称加密与非对称加密
- 对称加密与非对称加密
- 重温对称加密和非对称加密
- android 对称加密,非对称加密 android 常见的加密
- Android与服务器交互方式中的对称加密和非对称加密
- 明文、密文、密码、密钥、对称加密、非对称加密、摘要、数字签名、数字证书