Home > mailing lists

Re: pgcrypto - real life examples to encrypt / decrypt - Mailing list pgsql-general

From	Luca Ferrari
Subject	Re: pgcrypto - real life examples to encrypt / decrypt
Date	August 3, 2021 15:43:12
Msg-id	CAKoxK+7qj0oMz+dNSoj9KR5CKHNmJVaRdSc4c9NrG1bNa2f9GA@mail.gmail.com Whole thread Raw
In response to	Re: pgcrypto - real life examples to encrypt / decrypt (Vikas Sharma <shavikas@gmail.com>)
Responses	Re: pgcrypto - real life examples to encrypt / decrypt (Joe Conway <mail@joeconway.com>)
List	pgsql-general

Tree view

On Tue, Aug 3, 2021 at 1:03 PM Vikas Sharma <shavikas@gmail.com> wrote:
> My question is, can I use the gpg public/secret key instead of the 'Secret password' in above
PGP_Sym_encrypt/decrypt? I can create a wrapper function to read the public/secret keys to hide it from appearing as
cleartext.

I think you are looking for something like:

pgp_pub_encrypt( clear_text,
               dearmor( '-----BEGIN PGP PUBLIC KEY BLOCK-----
                        ...
                        -----END PGP PUBLIC KEY BLOCK-----' ) );

>
> still researching how to encrypt a column with sensitive data as a best practice to use in OLTP production with
minimalimpact on performance.

Clearly, as you add more stuff to do, performances will be lower. I
strongly recommend you to analyze if column encryption is really what
you need for your purposes, because in my little experience it is
often too much work with regard to other approaches (e.g., disk and
backup encryption).

Luca

pgsql-general by date:

From: Luca Ferrari
Date: 03 August 2021, 15:39:16
Subject: Re: Unexpected block ID found when reading data

From: Luca Ferrari
Date: 03 August 2021, 15:54:42
Subject: Re: Postgres 9.6 to 12.7 pg_upgrade error - terminating connection due to administrator command

Re: pgcrypto - real life examples to encrypt / decrypt - Mailing list pgsql-general

Previous

Next