Re: pgcrypto and database encryption

From: Silvana Di Martino <silvanadimartino(at)tin(dot)it>
To: Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: pgcrypto and database encryption
Date: 2004-03-08 08:10:44
Message-ID: 200403080810.44226.silvanadimartino@tin.it
Lists: pgsql-admin

At 17:40, Sunday 7 March 2004, Stephan Szabo wrote:
> Who has access to the unencrypted versions of the data? Are there people
> who will have access to the database who might have access to some of the
> encrypted data but not all or someone who has access to the database but
> none of the encrypted data? If so, then you presumably need a system
> where the decryption will only work for the appropriate people and that
> needs to be built in.

Yes: each "authorized operator" must be able to access only the data belonging
to him, even if the database contains data belonging to many different
operators. Moreover, SysAdmins (who are not "authorized operators") must not
be able to access any data, even if they are able to access the database (as
a whole) for maintenance. So, decryption must work for authorized operators
only.

> Also, what manipulation do you want to do with these values in the
> database? Are you going to need to subtract two encrypted dates or
> determine that one is greater than the other?

Yes: we will need to perform basic operations on encrypted dates, times and so
on. Of course, it would be great to be able to delegate the on-the-fly
decryption/encryption work to the encryption system.

> What about substring or
> ordering for encrypted strings? Does this have to be automatic or is
> explicit description of the fact that you want to decrypt them and then do
> something sufficient?

Same as above: we would need to perform substring-wise operations and ordering
on encrypted strings. The encryption/decryption mechanism should be
automatic.

>
> Finally, there are some questions about reliability of the system as a
> whole. In a system like the -pw above, where do those passwords come from,
> is it from a human typing at a console? If so, you need to consider
> downtime and recovery time issues based on who has access to the
> passwords. This doesn't so much affect the law in question but it may
> affect contracts that you have if they have downtime requirements.

The password should come from a human typing at the console (not our choice:
the law imposes it). Downtime will be affected: this is out of our control and
must be accepted by our customers.

Thanks for your comments.

-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it
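One way to satisfy the three requirements discussed above (per-operator data, no plaintext for the sysadmin, ordering/substring/date arithmetic on the protected values) with pgcrypto, as an added example that is not from this thread or from the posters. It assumes a current PostgreSQL with the pgcrypto extension installed (pgp_sym_encrypt/pgp_sym_decrypt, which did not exist in the 2004 pgcrypto, and current_setting() with a custom "myapp.*" session setting); the table, column and setting names are invented for the example, and the passphrases are constructed sample values.

```sql
-- Added example (not from the thread): per-operator symmetric encryption with
-- pgcrypto, decrypted inside the operator's own session. Names and values are
-- assumptions for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient_record (
    id          serial PRIMARY KEY,
    operator_id text  NOT NULL,   -- which "authorized operator" owns the row (not secret)
    surname_enc bytea NOT NULL,   -- pgp_sym_encrypt(surname, operator passphrase)
    visit_enc   bytea NOT NULL    -- pgp_sym_encrypt(visit_date::text, operator passphrase)
);

-- Each operator encrypts with their own passphrase; the passphrase is never
-- stored in the database. Sample rows and passphrases are constructed.
INSERT INTO patient_record (operator_id, surname_enc, visit_enc) VALUES
  ('op1', pgp_sym_encrypt('Rossi',   'op1-secret'), pgp_sym_encrypt('2004-03-01', 'op1-secret')),
  ('op1', pgp_sym_encrypt('Bianchi', 'op1-secret'), pgp_sym_encrypt('2004-02-15', 'op1-secret')),
  ('op2', pgp_sym_encrypt('Verdi',   'op2-secret'), pgp_sym_encrypt('2004-03-05', 'op2-secret'));

-- A sysadmin who can read the whole table sees only bytea ciphertext:
SELECT id, operator_id, surname_enc FROM patient_record;

-- "Automatic" decryption: the passphrase typed at the console is placed in a
-- session setting, and a view decrypts only the rows that belong to that
-- operator. pgp_sym_decrypt raises an error on a wrong passphrase, so the view
-- filters on operator_id before decrypting anything.
CREATE VIEW my_records AS
SELECT id,
       pgp_sym_decrypt(surname_enc, current_setting('myapp.operator_key'))       AS surname,
       pgp_sym_decrypt(visit_enc,   current_setting('myapp.operator_key'))::date AS visit_date
FROM patient_record
WHERE operator_id = current_setting('myapp.operator');

-- Operator session: identity and passphrase are set per session, not stored.
SET myapp.operator     = 'op1';
SET myapp.operator_key = 'op1-secret';

-- Ordering, substring matching and date arithmetic all run on the decrypted
-- values, i.e. only inside the session that holds the key; nothing is
-- computed on the ciphertext itself.
SELECT surname, visit_date, current_date - visit_date AS days_since_visit
FROM my_records
WHERE substring(surname from 1 for 1) = 'R'
ORDER BY surname;

SELECT max(visit_date) - min(visit_date) AS span_days FROM my_records;
```

In a maintenance session that never ran the two SET statements, current_setting('myapp.operator_key') has no value to pass to pgp_sym_decrypt, so the view yields no plaintext; the sysadmin still sees only bytea. Two caveats a practitioner would want: the passphrase passed through SET is part of the statement text and can end up in server logs or pg_stat_activity if statement logging is on (passing it as a bound parameter or via a SECURITY DEFINER function that reads it from a prepared statement is preferable), and a superuser who can read the server's memory or install a hook can still capture it while the session holds it, so "sysadmin cannot read the data" holds against ordinary table access, not against a fully hostile superuser.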
