On 8/3/21 8:43 AM, Luca Ferrari wrote:
On Tue, Aug 3, 2021 at 1:03 PM Vikas Sharma <shavikas@xxxxxxxxx> wrote:
My question is, can I use the gpg public/secret key instead of the 'Secret password' in above PGP_Sym_encrypt/decrypt? I can create a wrapper function to read the public/secret keys to hide it from appearing as clear text.
I think you are looking for something like:
pgp_pub_encrypt( clear_text,
dearmor( '-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----' ) );
still researching how to encrypt a column with sensitive data as a best practice to use in OLTP production with minimal impact on performance.
Clearly, as you add more stuff to do, performances will be lower. I
strongly recommend you to analyze if column encryption is really what
you need for your purposes, because in my little experience it is
often too much work with regard to other approaches (e.g., disk and
backup encryption).
Generally agreed. This topic is vast and complex and probably beyond
what most people want to discuss by typing (at least for me) ;-)
That said, you might find this extension written by Bruce Momjian useful:
https://momjian.us/download/pgcryptokey/
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
