Thread: data encryption

Does anyone have experience using the feature in PG 8.4 (maybe earlier
versions too??) to store specific columns in an encrypted format?  We are
gathering sensitive data for medical studies and want to use Postgresql,
however, we need to insure that the data is secure to satisfy federal
HIPAA regulations.  One way to do that would be to store some or all of it
in an encrypted format.

On Tue, Nov 24, 2009 at 10:49 AM,  <lcarson@ucsd.edu> wrote:
> Does anyone have experience using the feature in PG 8.4 (maybe earlier
> versions too??) to store specific columns in an encrypted format?  We are
> gathering sensitive data for medical studies and want to use Postgresql,
> however, we need to insure that the data is secure to satisfy federal
> HIPAA regulations.  One way to do that would be to store some or all of it
> in an encrypted format.

Here is a presentation that give a high level view of how to secure the data.

http://momjian.us/main/writings/pgsql/securing.pdf


--
Regards,
Richard Broersma Jr.

Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug

lcarson@ucsd.edu wrote:
> Does anyone have experience using the feature in PG 8.4 (maybe earlier
> versions too??) to store specific columns in an encrypted format?  We are
> gathering sensitive data for medical studies and want to use Postgresql,
> however, we need to insure that the data is secure to satisfy federal
> HIPAA regulations.  One way to do that would be to store some or all of it
> in an encrypted format.

See:
  http://www.postgresql.org/docs/8.4/interactive/pgcrypto.html

But the tricky part is the key management more so than the encryption.

Joe