Re: PGP encrypt/decrypt - Prereqistes - Mailing list pgsql-general

From Vikram A
Subject Re: PGP encrypt/decrypt - Prereqistes
Date
Msg-id 665237.98219.qm@web137407.mail.in.yahoo.com
In response to Re: PGP encrypt/decrypt - Prereqistes  (Craig Ringer <craig@postnewspapers.com.au>)
Responses Re: PGP encrypt/decrypt - Prereqistes
List pgsql-general
Dear Ringer,

My application works in a LAN. It will not work across the internet. The number of users is also less than 25. Only certain information is to be ciphered. Also, I do not want such complicated public and private keys as PGP defines. As you said, I would like to go for a simple [symmetric] method with our own key.
I agree that we cannot keep the key secret from the developers. My question is: if a developer, or anyone who knows the key, leaves the organization, then doing the encryption is ultimately a waste, no? Is there any way to avoid such things?
Also, we cannot change the key once it is used.
Please give your thoughts on this.

Thank you
Vikram

From: Craig Ringer <craig@postnewspapers.com.au>
To: Vikram A <vikkiatbipl@yahoo.in>
Cc: PGSQL - Genearal <pgsql-general@postgresql.org>
Sent: Tuesday, 14 June 2011 11:00 AM
Subject: Re: [GENERAL] PGP encrypt/decrypt - Prereqistes

On 14/06/11 11:51, Vikram A wrote:
> Dear Mr. Craig Ringer,
> Thank you for your response.
> I would like to encrypt certain sensitive information in my applications
> such as student register numbers, their marks, results etc. For this
> reason I did a study on doing encryption, where I found that PGP
> will help with encryption/decryption.

Sure. You can also just use a simple symmetric cypher for that sort of
thing, unless you know you need the ability to encrypt data without
knowing the secret key.

Since I presume your application needs to be able to *read* the data it
has written, and needs to be able to access that data in decrypted form,
I doubt you really need a public key system like PGP. Your application
will need to know the secret key to decrypt the data anyway.

> Are there any other methods/techniques for encryption?

Symmetric cyphers like AES. They're faster and easier to work with, just
a bit less flexible.

> I
> prefer encryption with "key"; key also should not be known to Developers.

All encryption systems use a key. Do you mean a separate public and
private key? If so: why? What specific advantages does that gain you in
your situation?

Public key crypto (for encryption) is mostly useful when you have
less-trusted users/clients/whatever sending you information that you
want to keep secret from other people and from other users, so only a
few people can *read* the information even though many can *write* it.
If this is your situation you might have a use for pgcrypto's PGP
support; otherwise I'd suggest using a symmetric key for simplicity.

As for secrecy: You can't really keep the key secret from the developers
if they will have any access to the production system (for testing,
troubleshooting, performance tuning, etc). That's because the production
system needs to know the decryption key, and if the system knows the key
the developers of the system can get it to reveal that key.

Even if you don't give the developers the key, nothing stops them
modifying the program so that it emails a copy of the key to them
whenever it loads a key, or saves an unencrypted copy to a file on a
shared drive, or whatever. If the production system has an Internet
connection or any access to any other resource the developers can access
as well, they can get the key.

--
Craig Ringer
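
The symmetric approach suggested in the reply above, as an added example that is not part of either message: pgcrypto's `pgp_sym_encrypt`/`pgp_sym_decrypt` applied to the sensitive columns, followed by re-encryption of the stored rows under a new key. The table, column names and key strings are hypothetical; the application passes the key as a statement parameter, so it is never stored in the database.

```sql
-- Added example. Table, columns and key values are constructed placeholders.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE student_result (
    student_id  integer PRIMARY KEY,
    register_no bytea NOT NULL,   -- ciphertext
    marks       bytea NOT NULL    -- ciphertext
);

-- The key arrives as parameter $4; it is not kept in any table or function.
PREPARE add_result(integer, text, text, text) AS
INSERT INTO student_result (student_id, register_no, marks)
VALUES ($1,
        pgp_sym_encrypt($2, $4, 'cipher-algo=aes256'),
        pgp_sym_encrypt($3, $4, 'cipher-algo=aes256'));

EXECUTE add_result(1, 'REG-0001', '87', 'constructed-key-1');

-- Reading requires the same key; a wrong key makes pgp_sym_decrypt raise an error.
PREPARE read_result(integer, text) AS
SELECT student_id,
       pgp_sym_decrypt(register_no, $2) AS register_no,
       pgp_sym_decrypt(marks, $2)       AS marks
FROM student_result
WHERE student_id = $1;

EXECUTE read_result(1, 'constructed-key-1');

-- Key change: decrypt with the old key ($1) and re-encrypt with the new key ($2).
-- Run in one transaction so every row ends up under the same key.
PREPARE rotate_key(text, text) AS
UPDATE student_result
SET register_no = pgp_sym_encrypt(pgp_sym_decrypt(register_no, $1), $2,
                                  'cipher-algo=aes256'),
    marks       = pgp_sym_encrypt(pgp_sym_decrypt(marks, $1), $2,
                                  'cipher-algo=aes256');

BEGIN;
EXECUTE rotate_key('constructed-key-1', 'constructed-key-2');
COMMIT;

-- Only the new key reads the data now.
EXECUTE read_result(1, 'constructed-key-2');
```

Re-encryption protects the live table only; backups and dumps taken before the change remain readable with the old key.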

