If the keys or values contain any non-ASCII characters,
they are treated as UTF-8.
</para>
</sect3>
<sect3 id="pgcrypto-pgp-enc-funcs-opts">
<title>Options for PGP Functions</title>
<para>
Options are named to be similar to GnuPG. An option's value should be
given after an equal sign; separate options from each other with commas.
For example:
<programlisting>
pgp_sym_encrypt(data, psw, 'compress-algo=1, cipher-algo=aes256')
</programlisting>
</para>
<para>
All of the options except <literal>convert-crlf</literal> apply only to
encrypt functions. Decrypt functions get the parameters from the PGP
data.
</para>
<para>
The most interesting options are probably
<literal>compress-algo</literal> and <literal>unicode-mode</literal>.
The rest should have reasonable defaults.
</para>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-cipher-algo">
<title>cipher-algo</title>
<para>
Which cipher algorithm to use.
</para>
<literallayout>
Values: bf, aes128, aes192, aes256, 3des, cast5
Default: aes128
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-compress-algo">
<title>compress-algo</title>
<para>
Which compression algorithm to use. Only available if
<productname>PostgreSQL</productname> was built with zlib.
</para>
<literallayout>
Values:
0 - no compression
1 - ZIP compression
2 - ZLIB compression (= ZIP plus meta-data and block CRCs)
Default: 0
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-compress-level">
<title>compress-level</title>
<para>
How much to compress. Higher levels compress smaller but are slower.
0 disables compression.
</para>
<literallayout>
Values: 0, 1-9
Default: 6
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-convert-crlf">
<title>convert-crlf</title>
<para>
Whether to convert <literal>\n</literal> into <literal>\r\n</literal> when
encrypting and <literal>\r\n</literal> to <literal>\n</literal> when
decrypting. <acronym>RFC</acronym> 4880 specifies that text data should be stored using
<literal>\r\n</literal> line-feeds. Use this to get fully RFC-compliant
behavior.
</para>
<literallayout>
Values: 0, 1
Default: 0
Applies to: pgp_sym_encrypt, pgp_pub_encrypt, pgp_sym_decrypt, pgp_pub_decrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-disable-mdc">
<title>disable-mdc</title>
<para>
Do not protect data with SHA-1. The only good reason to use this
option is to achieve compatibility with ancient PGP products, predating
the addition of SHA-1 protected packets to <acronym>RFC</acronym> 4880.
Recent gnupg.org and pgp.com software supports it fine.
</para>
<literallayout>
Values: 0, 1
Default: 0
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-sess-key">
<title>sess-key</title>
<para>
Use separate session key. Public-key encryption always uses a separate
session key; this option is for symmetric-key encryption, which by default
uses the S2K key directly.
</para>
<literallayout>
Values: 0, 1
Default: 0
Applies to: pgp_sym_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-s2k-mode">
<title>s2k-mode</title>
<para>
Which S2K algorithm to use.
</para>
<literallayout>
Values:
0 - Without salt. Dangerous!
1 - With salt but with fixed iteration count.
3 - Variable iteration count.
Default: 3
Applies to: pgp_sym_encrypt
</literallayout>
</sect4>
<sect4 id="pgcrypto-pgp-enc-funcs-opts-s2k-count">
<title>s2k-count</title>
<para>
The number of iterations of the S2K algorithm to use. It must
be a value between 1024 and 65011712, inclusive.
</para>
<literallayout>
Default: A