Re: Encryption in pg_dump

On 7/23/20 4:05 AM, Paul Förster wrote:
> Hi Tal,
>
>> On 23. Jul, 2020, at 10:27, Tal Glo <glozmantal(at)gmail(dot)com> wrote:
>> There is a way to implement full homomorphic encryption (FHE) with Postgres.
> ok.
>
>> I've used a relatively old version (2.3.1) of Microsoft's SEAL library in my University project for that.
> I don't know about Windows but I assume, Linux would be similar?
>
>> 2. Handling queries related to FHE encrypted attributes on the server side requires an implementation of own C language functions.
> we don't do that. Also, we have third party applications. In case they need to be modified, this is impossible.

That was my first thought, too.  We mostly run 3rd party applications, with
very little home-grown.  TDE (transparent data encryption) is the only
reasonable work-around.

>> It's not always a good Idea to say that something cannot be done or that some one needs to be replaced. Sometimes it's worth to develop some new process, based on a mixture of available technologies out there.
> right, but only if it makes sense. To put a wallet in the file system and its key right next to it does not make sense but only serves to make IT heads and security "gurus" go quiet. In these cases, only replacing them by competent ones helps.

Which is as unlikely as getting all 3rd party vendors to implement
application-level encryption.

--
Angular momentum makes the world go 'round.