njasi

Reputation: 21

PostgreSQL RSA-SHA256 password checking

I have a Node.js app which stores passwords in a PostgreSQL database (Sequelize ORM) according to the function setSaltAndPassword detailed below:

const crypto = require("crypto");

User.generateSalt = function() {
  return crypto.randomBytes(16).toString("base64");
};


User.encryptPassword = function(plainText, salt) {
  return crypto
    .createHash("RSA-SHA256")
    .update(plainText)
    .update(salt)
    .digest("hex");
};

function setSaltAndPassword(user) {
  if (user.changed("password")) {
    user.salt = User.generateSalt();
    user.password = User.encryptPassword(user.password, user.salt());
  }
};

I want to be able to check a password for correctness with SQL, so that I can integrate this DB with a DokuWiki via the authpdo plugin.

I've tried finding a way to do this in PostgreSQL, and have found the pgcrypto package, but it only has a single note on RSA at the bottom of the page stating:

"For RSA encryption you must create either DSA or RSA sign-only key as master and then add an RSA encryption subkey with gpg --edit-key."

Admittedly I have little experience with Cryptography and PostgreSQL, so I might be misunderstanding something here.

How should I go about verifying passwords via SQL?

Thank you for your time.

Upvotes: 0

Views: 312

Answers (0)
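
Added example, not part of the original question: in Node, createHash("RSA-SHA256") selects OpenSSL's alias for the plain SHA-256 digest, so no RSA key is involved and pgcrypto's digest() can recompute the stored value in SQL. The "Users" table name, its email column, the helper function name and the sample row are assumptions made for illustration.

```sql
-- Added example. Table/column names and the sample row are assumed/constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Constructed stand-in for the Sequelize-managed table.
CREATE TEMP TABLE "Users" (
  email    text PRIMARY KEY,
  password text NOT NULL,  -- hex digest written by User.encryptPassword
  salt     text NOT NULL   -- base64 string written by User.generateSalt
);

-- Mirror of User.encryptPassword: SHA-256 over the UTF-8 bytes of plainText
-- followed by the salt *string* (the base64 text itself, not its decoded
-- bytes), returned as lowercase hex like digest("hex") in Node.
CREATE FUNCTION pg_temp.encrypt_password(plain text, salt text)
RETURNS text
LANGUAGE sql STABLE AS $$
  SELECT encode(digest(convert_to(plain || salt, 'UTF8'), 'sha256'), 'hex')
$$;

-- Constructed sample user; the salt is a 16-byte value in base64, as
-- generateSalt would produce.
INSERT INTO "Users" (email, password, salt) VALUES (
  'alice@example.test',
  pg_temp.encrypt_password('correct horse', 'c2FtcGxlLXNhbHQtMTIzNA=='),
  'c2FtcGxlLXNhbHQtMTIzNA=='
);

-- Verification query: recompute the hash from the submitted password and the
-- row's own salt, and compare it with the stored hex digest.
PREPARE check_password(text, text) AS
  SELECT email
  FROM "Users"
  WHERE email = $1
    AND password = pg_temp.encrypt_password($2, salt);

EXECUTE check_password('alice@example.test', 'correct horse');  -- matching password
EXECUTE check_password('alice@example.test', 'not the password');  -- non-matching password
```

Because the comparison runs inside PostgreSQL, the plaintext password travels as a query parameter: bind it rather than interpolating it, and check that statement logging does not record parameter values.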