From: | Vikas Sharma <shavikas(at)gmail(dot)com> |
---|---|
To: | Joe Conway <mail(at)joeconway(dot)com> |
Cc: | Luca Ferrari <fluca1978(at)gmail(dot)com>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: pgcrypto - real life examples to encrypt / decrypt |
Date: | 2021-08-03 13:41:45 |
Message-ID: | CAN6gwKwFTvc6RaPcvet9F3wK7XO=JgT2KZxpx-XNHJZNO3MJiw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Thanks you Guys,
These are very helpful pointers. I will go away and see how much depth I do
need.
Regards
Vikas S.
On Tue, 3 Aug 2021 at 14:36, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 8/3/21 8:43 AM, Luca Ferrari wrote:
> > On Tue, Aug 3, 2021 at 1:03 PM Vikas Sharma <shavikas(at)gmail(dot)com> wrote:
> >> My question is, can I use the gpg public/secret key instead of the
> 'Secret password' in above PGP_Sym_encrypt/decrypt? I can create a wrapper
> function to read the public/secret keys to hide it from appearing as clear
> text.
> >
> > I think you are looking for something like:
> >
> > pgp_pub_encrypt( clear_text,
> > dearmor( '-----BEGIN PGP PUBLIC KEY BLOCK-----
> > ...
> > -----END PGP PUBLIC KEY BLOCK-----' ) );
> >
> >
> >>
> >> still researching how to encrypt a column with sensitive data as a best
> practice to use in OLTP production with minimal impact on performance.
> >
> > Clearly, as you add more stuff to do, performances will be lower. I
> > strongly recommend you to analyze if column encryption is really what
> > you need for your purposes, because in my little experience it is
> > often too much work with regard to other approaches (e.g., disk and
> > backup encryption).
>
> Generally agreed. This topic is vast and complex and probably beyond
> what most people want to discuss by typing (at least for me) ;-)
>
> That said, you might find this extension written by Bruce Momjian useful:
>
> https://momjian.us/download/pgcryptokey/
>
> HTH,
>
> Joe
> --
> Crunchy Data - http://crunchydata.com
> PostgreSQL Support for Secure Enterprises
> Consulting, Training, & Open Source Development
>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2021-08-03 13:59:33 | Re: Unexpected block ID found when reading data |
Previous Message | Joe Conway | 2021-08-03 13:36:25 | Re: pgcrypto - real life examples to encrypt / decrypt |