On 14/06/11 11:51, Vikram A wrote:
> Dear Mr. Craig Ringer,
> Thank you for your response.
> I would like to crypt certain sensitive information in my applications
> such as Student register number, their marks, results etc. For this
> reason I have done a study for doing encryption. Where I found that this PGP
> will help the encryption/decryption.

Sure. You can also just use a simple symmetric cypher for that sort of
thing, unless you know you need the ability to encrypt data without
knowing the secret key.

Since I presume your application needs to be able to *read* the data it
has written, and needs to be able to access that data in decrypted form,
I doubt you really need a public key system like PGP. Your application
will need to know the secret key to decrypt the data anyway.

> Any other methods/techniques are there for encryption?

Symmetric cyphers like AES. They're faster and easier to work with, just
a bit less flexible.

> I
> prefer encryption with "key"; key also should not be known to Developers.

All encryption systems use a key. Do you mean a separate public and
private key? If so: why? What specific advantages does that gain you in
your situation?

Public key crypto (for encryption) is mostly useful when you have
less-trusted users/clients/whatever sending you information that you
want to keep secret from other people and from other users, so only a
few people can *read* the information even though many can *write* it.
If this is your situation you might have a use for pgcrypto's PGP
support; otherwise I'd suggest using a symmetric key for simplicity.

As for secrecy: You can't really keep the key secret from the developers
if they will have any access to the production system (for testing,
troubleshooting, performance tuning, etc). That's because the production
system needs to know the decryption key, and if the system knows the key
the developers of the system can get it to reveal that key.

Even if you don't give the developers the key, nothing stops them
modifying the program so that it emails a copy of the key to them
whenever it loads a key, or saves an unencrypted copy to a file on a
shared drive, or whatever. If the production system has an Internet
connection or any access to any other resource the developers can access
as well, they can get the key.

--
Craig Ringer
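
The symmetric approach suggested in the reply above, sketched with pgcrypto's pgp_sym_encrypt/pgp_sym_decrypt. This is an added example, not part of the original message; the table, column names, sample values and passphrase are constructed for illustration.

```sql
-- Added example: table, column names, values and passphrase are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE student_result (
    student_id  integer PRIMARY KEY,
    register_no bytea NOT NULL,  -- ciphertext (OpenPGP symmetric message)
    marks       bytea NOT NULL   -- ciphertext
);

-- The application passes the key as a bind parameter ($4); it is never
-- stored in the database. AES-256 is selected through the options string.
PREPARE put_result(integer, text, integer, text) AS
INSERT INTO student_result (student_id, register_no, marks)
VALUES ($1,
        pgp_sym_encrypt($2, $4, 'cipher-algo=aes256'),
        pgp_sym_encrypt($3::text, $4, 'cipher-algo=aes256'));

-- Reading needs the same key, so whatever runs this statement in
-- production (and anyone able to change that code) can see the plaintext.
PREPARE get_result(integer, text) AS
SELECT student_id,
       pgp_sym_decrypt(register_no, $2)    AS register_no,
       pgp_sym_decrypt(marks, $2)::integer AS marks
FROM student_result
WHERE student_id = $1;

EXECUTE put_result(1, 'REG-2011-0042', 87, 'constructed-demo-passphrase');

-- Without the key the stored row is opaque bytes.
SELECT student_id, length(register_no) AS ciphertext_bytes
FROM student_result;

-- With the key the original values come back.
EXECUTE get_result(1, 'constructed-demo-passphrase');

-- A wrong key raises an error instead of returning data:
-- EXECUTE get_result(1, 'not-the-key');
```

pgcrypto runs inside the server, so the key and plaintext travel between client and server in the clear unless the connection uses SSL, and statement logging can capture them.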