由于业务需求,GP版本的加密软件无法达到预期效果,所以自己开始自己写c函数实现了同样的原理,这里只介绍下如何在GP和PG下使用
GP安装,版本4.3.30.0
在master节点编译c代码,然后将.so文件复制到对应目录,并且要在所有segment节点都复制到对应目录下
gcc -m64 -O3 -funroll-loops -fargument-noalias-global -g -finline-limit=1800 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv -I /opt/greenplum-db-4.3.30.0/include -fpic -I. -I /opt/greenplum-db-4.3.30.0/include/postgresql/server -I/opt/greenplum-db-4.3.30.0/include/postgresql/internal -D_GNU_SOURCE -c -o codecwithkey_final.o codecwithkey_final.c
gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv -fpic -L/opt/greenplum-db-4.3.30.0/lib -Wl,-rpath,'/opt/greenplum-db-4.3.30.0/lib',--enable-new-dtags -shared -o codecwithkey_final.so codecwithkey_final.o
这里的目录自己找自己对应的,这是我环境的目录,切勿照抄
cp codecwithkey_final.so /opt/greenplum-db-4.3.30.0/lib/postgresql/
gpscp -f /home/gpadmin/nonmaster_host_file codecwithkey_final.so =:/opt/greenplum-db-4.3.30.0/lib/postgresql/
进入GP,创建对应加密解密函数
CREATE OR REPLACE FUNCTION encode(text,text)
RETURNS text AS
'codecwithkey_final.so', 'encode'
LANGUAGE c IMMUTABLE STRICT;
CREATE OR REPLACE FUNCTION decode(text,text)
RETURNS text AS
'codecwithkey_final.so', 'decode'
LANGUAGE c IMMUTABLE STRICT;
postgresql编译安装
编译并复制.so文件到postgresql lib目录下
gcc -I`pg_config --includedir-server` -fPIC -c codecwithkey_final.c
gcc -shared -o codecwithkey_final.so codecwithkey_final.o
cp codecwithkey_final.so /opt/pgsql9.6.1/lib
进入数据库,创建相关函数
load 'codecwithkey_final.son';
CREATE OR REPLACE FUNCTION encode(text,text)
RETURNS text AS
'codecwithkey_final.so', 'encode'
LANGUAGE c IMMUTABLE STRICT;
CREATE OR REPLACE FUNCTION decode(text,text)
RETURNS text AS
'codecwithkey_final.so', 'decode'
LANGUAGE c IMMUTABLE STRICT;
带key的加密解密使用
select decode(encode('你好啊','dauziba008'),'dazuiba008');
'你好啊'