Skip site navigation (1) Skip section navigation (2)

Re: Simple Text Field Encryption

From: "Damian Carey" <jamianb(at)gmail(dot)com>
To: gcj <gauss21(at)comcast(dot)net>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Simple Text Field Encryption
Date: 2008-10-23 20:38:53
Message-ID: 2bbc8f530810231338r2dadf57cg434af7e4127a85e@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-novice
On Wed, Oct 22, 2008 at 4:11 AM, gcj <gauss21(at)comcast(dot)net> wrote:
> I'm looking for a simple way to encrypt the contents of a text field in one
> of my Postgres tables.  I'm not looking for anything that is bullet-proof --
> just something that would mask the field's contents from a casual user
> looking at the table via pgAdminIII or any other client application / query.
>
> I'm hoping there is a built-in Postgres function that I could call from my
> java web application to encrypt/mask a text string and then store the
> encrypted value in the DB.  Thereafter, I would be able to query the
> encrypted field, de-crypt back to the original value, etc.
>
> Any suggestions would be appreciated.
>

To handle it Java side you could check out this link ...
http://timarcher.com/?q=node/51

Note the comments following the article warn of the limitations of
this technique. However, it does seem to be adequate for what you have
requested.

I'm a postgres novice, but my guess is that if your Java app could use
postgres to crypt/decrypt that internally then the
KGB/CIA/Stasi/Greenpeace/Amnesty etc could use pgAdminIII (or
whatever) to get postgres to decrypt it just as easily.

HTH,
-Damian

In response to

pgsql-novice by date

Next:From: LevĂ­ Teodoro da SilvaDate: 2008-10-24 11:59:12
Subject: [INSERT]Insert blank values
Previous:From: Bruce HyattDate: 2008-10-23 17:16:58
Subject: Re: Simple Text Field Encryption

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group