Forum OpenACS Q&A: Encryption of data
so, can you provide an example of the function that one can use for
thanks in advance.
are you trying to do exactly? If you're going to encrypt data, there's
got to be an encryption key, right?
Does PG automatically provide a means to store the data
encrypted and provide a key-management system, too? No. Can
you go ahead and do that on your own? Absolutely. Wouldn't it be
better to have it automatically encrypted? Probably not, as that
would provide you with a false sense of security. I wouldn't want
an entire dataset encrypted with a single key, and if there's more
than one key, where are they stored? How are they managed?
Are they stored on the same physical drive as the encrypted
data? Then what's the point?
Basically, there's no "magic encryption switch" to push no matter
what system you're using. However, if you're looking into
encrypting *certain* data (credit card #s...), and you want to chat
about methods of doing that, then that's worthwhile.
I'd actually like to implement a system similar to what Philip Greenspun describes with a public and private key but in a slightly different way. (unless a credit card processor can or already has been convinced to implement the public/private key method of handling credit card numbers)
My idea would require a separate machine that contacts the credit card processor for a decision. A public and private key are generated and the public key is stored only on the web server, the private key only on the card processor server.
- The web server machine receives the order and stores the encrypted credit card number using our public key.
- The web server machine triggers the credit card processor machine to retrieve a decision.
- The card processor machine decrypts the credit card number using the private key, makes the SSL connection (or whatever secure means the credit card processor has set up), and retrieves the decision, storing it in the database.
The store we used to run a couple of years ago (discontinued for reasons completely unrelated to security) used to store the credit card numbers in plain text and depend on our wonderful security elsewhere to keep them safe.
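The split-key flow from the post above, sketched with the OpenSSL command line as an added example that is not part of the original thread. The file names, function names, the choice of RSA-2048 with OAEP padding, and the test card number are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: names, paths and the card number are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# One-time setup on the card processor machine; only public.pem is
# copied to the web server, private.pem never leaves the processor.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$WORK/private.pem" 2>/dev/null
openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"

# Web server: encrypt with the public key (RSA-OAEP) and base64 the
# result so it fits a text column. $1 = card number.
web_encrypt() {
  printf '%s' "$1" |
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" \
      -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# Card processor: decrypt the stored value with the private key.
processor_decrypt() {
  printf '%s' "$1" | openssl base64 -d -A |
    openssl pkeyutl -decrypt -inkey "$WORK/private.pem" \
      -pkeyopt rsa_padding_mode:oaep
}

# Web server trying to read back its own row: fails, because a public
# key cannot decrypt. Returns non-zero.
web_decrypt_with_public_key() {
  printf '%s' "$1" | openssl base64 -d -A |
    openssl pkeyutl -decrypt -pubin -inkey "$WORK/public.pem" \
      -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

CARD='4111111111111111'            # constructed test number
stored=$(web_encrypt "$CARD")      # value the orders row would hold
again=$(web_encrypt "$CARD")
echo "stored value: ${#stored} base64 characters"
if [ "$stored" != "$again" ]; then
  echo "same card, different ciphertext: cannot index or search on it"
fi
if ! web_decrypt_with_public_key "$stored" >/dev/null; then
  echo "web server cannot decrypt its own rows"
fi
echo "processor recovers: $(processor_decrypt "$stored")"
```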
Yes, Ben, what I am looking into is to encrypt certain information, primarily credit card information, in a Postgres database. I understand the basic process, but the questions I am looking to get answered are:
- What methods are others using? Why?
- What effects do those methods have on the database processes?
- What kind of load does the encryption place on the database?
- What environmental conditions are required to facilitate the encryption (if any)?
- Any tips or tricks (a.k.a. shortcuts) or other useful info?
If anyone can let me know what methods they use for encryption and why they use them, it will be great. David has already started the ball rolling.
Thanks in advance to all.