Home > mailing lists

Re: New types for transparent encryption - Mailing list pgsql-hackers

From	tomas@tuxteam.de
Subject	Re: New types for transparent encryption
Date	July 7, 2009 10:15:02
Msg-id	20090707101726.GA9083@tomas Whole thread Raw
In response to	New types for transparent encryption (Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>)
Responses	Re: New types for transparent encryption (Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>)
List	pgsql-hackers

Tree view

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jul 07, 2009 at 05:35:28PM +0900, Itagaki Takahiro wrote:
> Our manual says we can use pgcrypto functions or encrypted filesystems
> for data encryption.
> http://www.postgresql.org/docs/8.4/static/encryption-options.html

As other posters have put it, I'd be very sceptical of server-side
decryption. If the server "has" all the necessary bits to decrypt the
data, all bets are off.

[encryption might be OK, with an asymmetrical scheme in the
vein of public key cryptography].

A client-side decryption (and maybe encryption as well) seems way more
attractive. For that, libpqtypes[1],[2] might come in very handy.

[1] <http://pgfoundry.org/projects/libpqtypes/>
[2] <http://libpqtypes.esilo.com/>

Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKUyC2Bcgs9XrR2kYRAiJoAJ9426t1bMtZ90690cwU9X+F4GJZkgCfZsJ2
YIon8ulaHI64l5GKbDwV4hM=
=I9fS
-----END PGP SIGNATURE-----

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 07 July 2009, 09:28:14
Subject: Re: New types for transparent encryption

From: Peter Eisentraut
Date: 07 July 2009, 10:27:42
Subject: Re: Small foreign key error message improvement

Re: New types for transparent encryption - Mailing list pgsql-hackers

Previous

Next