Re: Encryption in pg_dump

On 7/23/20 4:05 AM, Paul Förster wrote:
> Hi Tal,
>
>> On 23. Jul, 2020, at 10:27, Tal Glo <glozmantal@gmail.com> wrote:
>> There is a way to implement full homomorphic encryption (FHE) with Postgres.
> ok.
>
>> I've used a relatively old version (2.3.1) of Microsoft's SEAL library in my University project for that.
> I don't know about Windows but I assume, Linux would be similar?
>
>> 2. Handling queries related to FHE encrypted attributes on the server side requires an implementation of own C
languagefunctions.
 
> we don't do that. Also, we have third party applications. In case they need to be modified, this is impossible.

That was my first thought, too.  We mostly run 3rd party applications, with 
very little home-grown.  TDE (transparent data encryption) is the only 
reasonable work-around.

>> It's not always a good Idea to say that something cannot be done or that some one needs to be replaced. Sometimes
it'sworth to develop some new process, based on a mixture of available technologies out there.
 
> right, but only if it makes sense. To put a wallet in the file system and its key right next to it does not make
sensebut only serves to make IT heads and security "gurus" go quiet. In these cases, only replacing them by competent
oneshelps.
 

Which is as unlikely as getting all 3rd party vendors to implement 
application-level encryption.

-- 
Angular momentum makes the world go 'round.