| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | "Moran(dot)Michael" <Michael(dot)Moran(at)IGT(dot)com> |
| Cc: | PostgreSQL <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: PGCrypto: Realworld scenario and advice needed |
| Date: | 2005-04-11 22:26:22 |
| Message-ID: | 425AF98E.3030004@joeconway.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Moran.Michael wrote:
> My initial attack plan was to do the following:
>
> 1. Call decrypt() with the old-passphrase to decrypt each table's existing
> data.
> 2. Temporarily store the decrypted data in temp tables.
> 3. Delete all rows of encrypted data from the original tables -- thereby
> clearing the tables of all data encrypted with the old passphrase.
> 4. Call encrypt() with the new passphrase to encrypt all data in the temp
> tables -- thereby repopulating the production tables with data encrypted
> with the new passphrase.
> 5. Blow away the temp tables.
>
> But this seems like a tedious procedure.
>
> Is there any simple way to update ALL existing encrypted data with a new
> passphrase, assuming you know the old passphrase and encryption type (i.e.
> AES, Blowfish, etc.) without having to go through the 5-step process
> mentioned above?
Why not use a single UPDATE command, e.g. something like:
UPDATE tbl
SET f1 = encrypt(decrypt(f1, 'oldkey', 'aes'), 'newkey', 'aes');
Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bill Lawrence | 2005-04-12 01:25:10 | Re: Getting the output of a function used in a where clause |
| Previous Message | Andrus Moor | 2005-04-11 21:43:10 | Query runs very slowly in Postgres, but very fast in other DBMS |