> BTW: It looks like I'm the only one here facing this problem. That's
> surprising, given the number of countries that have a law
> like the italian
> one and the wide diffusion of PostgreSQL.
This is normal because the task to encrypt database is usually done at
hardware/OS level. In general the security of data is about a complex of
measures: it's a set of requirements to both software protection and physical
protection. The easy way(from software's perspective) to deal with the
requirements is to encrypt the whole disk(which is not a database job alone
and that's why you have little response here). By encrypting the whole disk
a) avoids many pecularities of selecting which fields, tables, etc
to encrypt and
b) solves the issue of lost (or made accesible) storage device
itself: hard disk, tape, cd, dvd or the whole server - I know at least one
case when the whole server(s) was stolen from governmental organization with
VERY sensitive personal data(it remains unknown if thieves were aware of the
cost of the data they've got into their hands) while losing laptop PC's by
CIA and alikes seems to be a daily buisness.
When it comes to that kind of protection then the encryption is done by a
black box hardware capable of destroying the key if a physical intervention
(to open the box with a screwdriver for example) is attempted.
Just a simple software solution relying on keeping keys in the server means
only that you may as well keep your data decrypted in the server and regard
it(server) as a secure black box:
- attempting to steal the server or open it and read data
should destroy the data. Or such a thing a stealing server or getting a
physical access to it should be made as expensive as decrypting data.
- all data coming in/out is decrypted/encrypted
Ideally your black box keeping the key(or the whole key hierarchy) is not
disposing the key to the outside at any time but performing the
My former company I worked for was making a PCI cards for HDD encryption
using Dallas Chip as a key storage: not a very good solution but better than
nothing. A smart card chip protected from physical intervention is probably
one of the best available solutions nowdays: it can be used as an encryption
engine or to generate session keys. Anyway, the idea is to protect the key by
all means if the server itself can not be protected equally easily.
At first glance it seems to be rather easy to protect the server if the
server is not a mobile laptop but a stationary device. The point is that
protection must extend to backups for example: it means that overall
encryption of all files (even those written to the tape or another backupe
storage) is quite a good method to protect data "in one place".
pgsql-admin by date
|Next:||From: Joe Conway||Date: 2004-03-08 17:29:01|
|Subject: Re: Database Encryption (now required by law in Italy)|
|Previous:||From: Corey Edwards||Date: 2004-03-08 16:54:06|
|Subject: Re: Postgres and multiprocessor?|