Thread: Where do you store key for encryption

From: Naoko Reeves

Hi,

We have a web application and encrypt PII columns. We use the encrypt/decrypt functions for this.

Currently we have hard-coded the key in a PostgreSQL function, which I am not sure about.

I did google it, and people suggest that it needs to be stored in a physically isolated location (storing the decryption key on the same server as the data is kind of like writing your PIN on your ATM card).

I would like to know how Postgres professionals handle this.

Thank you very much for your time in advance.

Naoko

Re: Where do you store key for encryption

From: Merlin Moncure

On Tue, Nov 17, 2009 at 10:12 PM, Naoko Reeves <naoko@lawlogix.com> wrote:
> Hi,
>
> We have a web application and encrypt PII columns. We use the encrypt/decrypt
> functions for this.
>
> Currently we have hard-coded the key in a PostgreSQL function, which I am not
> sure about.
>
> I did google it, and people suggest that it needs to be stored in a physically
> isolated location (storing the decryption key on the same server as the data is
> kind of like writing your PIN on your ATM card).

Key management is a complicated topic, but I can tell you this for
sure: storing the key in the function is one of the worst places to do
it :-)  Any user can pull down the entire pg_proc table and see all
your functions! (this is somewhat fixable, but it's still not the
right place IMO).

merlin

Re: Where do you store key for encryption

From: Naoko Reeves

Got it.
Thank you very much for your advice.

-----Original Message-----
From: Merlin Moncure [mailto:mmoncure@gmail.com]
Sent: Tuesday, November 17, 2009 8:54 PM
To: Naoko Reeves
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Where do you store key for encryption

On Tue, Nov 17, 2009 at 10:12 PM, Naoko Reeves <naoko@lawlogix.com> wrote:
> Hi,
>
> We have a web application and encrypt PII columns. We use the encrypt/decrypt
> functions for this.
>
> Currently we have hard-coded the key in a PostgreSQL function, which I am not
> sure about.
>
> I did google it, and people suggest that it needs to be stored in a physically
> isolated location (storing the decryption key on the same server as the data is
> kind of like writing your PIN on your ATM card).

Key management is a complicated topic, but I can tell you this for
sure: storing the key in the function is one of the worst places to do
it :-)  Any user can pull down the entire pg_proc table and see all
your functions! (this is somewhat fixable, but it's still not the
right place IMO).

merlin

Re: Where do you store key for encryption

From: David Wall

In our open-esignforms project we use a layered approach for keys in
which we have a boot key for the application that requires dual
passwords which we then combine into a single password for PBE
encryption of the boot key.  We then have session keys that are
encrypted with the boot key, and the session keys are used to encrypt
one-up keys for encrypted blobs.

In your case, you could encrypt your key using PBE assuming you have a
way to provide the password to unlock it.  This would allow you to
protect the key with a password, which is the most basic way to go if
you don't have a keystore to use.

David

Re: Where do you store key for encryption

From: Bruce Momjian

David Wall wrote:
> In our open-esignforms project we use a layered approach for keys in
> which we have a boot key for the application that requires dual
> passwords which we then combine into a single password for PBE
> encryption of the boot key.  We then have session keys that are
> encrypted with the boot key, and the session keys are used to encrypt
> one-up keys for encrypted blobs.
>
> In your case, you could encrypt your key using PBE assuming you have a
> way to provide the password to unlock it.  This would allow you to
> protect the key with a password, which is the most basic way to go if
> you don't have a keystore to use.

I covered this a little bit in my recent security presentation:

    http://momjian.us/main/presentations.html#securing

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +