Re: pgcrypto - real life examples to encrypt / decrypt

On 8/3/21 8:43 AM, Luca Ferrari wrote:
> On Tue, Aug 3, 2021 at 1:03 PM Vikas Sharma <shavikas@gmail.com> wrote:
>> My question is, can I use the gpg public/secret key instead of the 'Secret password' in above
PGP_Sym_encrypt/decrypt? I can create a wrapper function to read the public/secret keys to hide it from appearing as
cleartext.
 
> 
> I think you are looking for something like:
> 
> pgp_pub_encrypt( clear_text,
>                 dearmor( '-----BEGIN PGP PUBLIC KEY BLOCK-----
>                          ...
>                          -----END PGP PUBLIC KEY BLOCK-----' ) );
> 
> 
>>
>> still researching how to encrypt a column with sensitive data as a best practice to use in OLTP production with
minimalimpact on performance.
 
> 
> Clearly, as you add more stuff to do, performances will be lower. I
> strongly recommend you to analyze if column encryption is really what
> you need for your purposes, because in my little experience it is
> often too much work with regard to other approaches (e.g., disk and
> backup encryption).

Generally agreed. This topic is vast and complex and probably beyond 
what most people want to discuss by typing (at least for me) ;-)

That said, you might find this extension written by Bruce Momjian useful:

https://momjian.us/download/pgcryptokey/

HTH,

Joe
-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development