
Re: PGP encrypt/decrypt - Prerequisites


On 14/06/11 11:51, Vikram A wrote:
> Dear Mr. Craig Ringer,
> Thank you for your response. 
> I would like to encrypt certain sensitive information in my applications
> such as Student register number, their marks, results etc. For this
> reason I did a study on doing encryption, where I found that this PGP
> will help the encryption/decryption.

Sure. You can also just use a simple symmetric cypher for that sort of
thing, unless you know you need the ability to encrypt data without
knowing the secret key.

Since I presume your application needs to be able to *read* the data it
has written, and needs to be able to access that data in decrypted form,
I doubt you really need a public key system like PGP. Your application
will need to know the secret key to decrypt the data anyway.

> Any other methods/techniques are there for encryption?

Symmetric cyphers like AES. They're faster and easier to work with, just
a bit less flexible.

> I prefer encryption with "key"; key also should not be known to Developers.

All encryption systems use a key. Do you mean a separate public and
private key? If so: why? What specific advantages does that gain you in
your situation?

Public key crypto (for encryption) is mostly useful when you have
less-trusted users/clients/whatever sending you information that you
want to keep secret from other people and from other users, so only a
few people can *read* the information even though many can *write* it.
If this is your situation you might have a use for pgcrypto's PGP
support; otherwise I'd suggest using a symmetric key for simplicity.

As for secrecy: You can't really keep the key secret from the developers
if they will have any access to the production system (for testing,
troubleshooting, performance tuning, etc). That's because the production
system needs to know the decryption key, and if the system knows the key
the developers of the system can get it to reveal that key.

Even if you don't give the developers the key, nothing stops them
modifying the program so that it emails a copy of the key to them
whenever it loads a key, or saves an unencrypted copy to a file on a
shared drive, or whatever. If the production system has an Internet
connection or any access to any other resource the developers can access
as well, they can get the key.

--
Craig Ringer
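
Added example, not part of the original message: the two cases discussed above written against pgcrypto, first a symmetric key for data the application both writes and reads, then a public key for writers that must not be able to read. Table, column and statement names are hypothetical, and the passphrase and register number are constructed sample values.

```sql
-- Added example; assumes the pgcrypto extension is available.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Case 1: symmetric. The application writes and reads the data, so it
-- holds the passphrase and passes it as a parameter on every call.
CREATE TABLE student_result (
    student_id  integer PRIMARY KEY,
    register_no bytea NOT NULL,   -- ciphertext
    marks       bytea NOT NULL    -- ciphertext
);

PREPARE put_result(integer, text, text, text) AS
INSERT INTO student_result (student_id, register_no, marks)
VALUES ($1,
        pgp_sym_encrypt($2, $4, 'cipher-algo=aes256'),
        pgp_sym_encrypt($3, $4, 'cipher-algo=aes256'));

PREPARE get_result(integer, text) AS
SELECT student_id,
       pgp_sym_decrypt(register_no, $2)    AS register_no,
       pgp_sym_decrypt(marks, $2)::integer AS marks
FROM student_result
WHERE student_id = $1;

-- Constructed sample values. The server sees the passphrase in both
-- statements, so whoever controls the application or the server can
-- obtain it; the column is protected only where the key is absent
-- (dumps, backups, copies of the data files).
EXECUTE put_result(1, 'REG-0001', '87', 'constructed-passphrase');
EXECUTE get_result(1, 'constructed-passphrase');

-- Case 2: public key. Many writers, few readers. Writers are given only
-- the ASCII-armored public key ($2) and cannot decrypt what they store.
CREATE TABLE submission (
    id      serial PRIMARY KEY,
    payload bytea NOT NULL
);

PREPARE submit(text, text) AS
INSERT INTO submission (payload)
VALUES (pgp_pub_encrypt($1, dearmor($2)));

-- Reading needs the armored secret key ($2), which only the readers hold.
PREPARE read_submission(integer, text) AS
SELECT pgp_pub_decrypt(payload, dearmor($2)) AS payload
FROM submission
WHERE id = $1;
```

pgcrypto runs inside the server, so plaintext and keys travel between client and server in the clear unless the connection uses SSL.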
