On Fri, 2006-01-20 at 14:24, David Blewett wrote:
> I'm not sure if this is the right list for this message; if it's not,
> let me know and I'll take it up elsewhere. I found this thread today:
> <http://groups.google.com/group/comp.databases.postgresql.hackers/browse_thread/thread/4587283b3b3a5aec>
>
> I would be very interested if it's possible to encrypt data in
> Postgres, at a lower level than individual columns but not as low as
> the filesystem. I.e., either be able to encrypt a single database or a
> single table but still be able to use normal SQL against it.
>
> I'm designing an IMAP server that will be using Peter Gutmann's
> Cryptlib to encrypt the message bodies using different keys for each
> user, and storing it as a binary large object in Postgres. However, I
> still would like to do full-text indexing of the mail. I would index
> the message, then encrypt it and store it in the database. This leaves
> the fulltext index open to attack, however. While the complete message
> would probably not be reproducible (someone correct me?), a significant
> portion of it probably could.
>
> Having the table containing the index, or the database object,
> encrypted would protect against system admins,

IF they've got root, and the unencrypted data or the password / key is
on the machine or in memory on it, you've lost. It may make it harder
for them to get it, but they can.
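
The quoted concern that a plaintext full-text index exposes much of an encrypted message can be measured. The following is an added example, not part of the original thread: it assumes a generic positional inverted index with stop-word removal (not PostgreSQL's own implementation), and the message, stop-word list and function names are all constructed for illustration.

```python
import re

# Constructed stop-word list and message; neither comes from the thread.
STOP_WORDS = {"the", "a", "an", "to", "of", "at", "is", "and", "in", "on", "for"}
MESSAGE = ("The merger with Acme is confirmed for Friday. "
           "Wire the deposit to account 4471 and tell nobody at the office.")


def build_index(text):
    """Positional inverted index: term -> list of word positions.

    Stop words are dropped, but they still consume a position, so the
    relative order of the indexed terms is preserved.
    """
    index = {}
    for pos, word in enumerate(re.findall(r"[a-z0-9]+", text.lower())):
        if word not in STOP_WORDS:
            index.setdefault(word, []).append(pos)
    return index


def reconstruct(index):
    """Text recoverable from the index alone, with '_' for dropped words."""
    by_pos = {p: term for term, positions in index.items() for p in positions}
    return " ".join(by_pos.get(p, "_") for p in range(max(by_pos) + 1))


def recovered_fraction(text, index):
    """Share of the message's words that are present in the index."""
    total = len(re.findall(r"[a-z0-9]+", text.lower()))
    return sum(len(positions) for positions in index.values()) / total


if __name__ == "__main__":
    idx = build_index(MESSAGE)
    print(reconstruct(idx))
    print(f"{recovered_fraction(MESSAGE, idx):.0%} of words recovered")
```

Even though the message body would be stored encrypted, the index alone yields the names, the account number and the instruction in order, so the index needs the same protection as the body.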