Forum OpenACS Q&A: Encryption of data

Posted by Leonard Fiadzinu on
Does anyone know of a way to store encrypted data in postgres, and if
so, can you provide an example of the function that one can use for
this.

thanks in advance.

Posted by Ben Adida on
Going through some unanswered posts here... Leonard, what
are you trying to do exactly? If you're going to encrypt data, there's
got to be an encryption key, right?

Does PG automatically provide a means to store the data
encrypted and provide a key-management system, too? No. Can
you go ahead and do that on your own? Absolutely. Wouldn't it be
better to have it automatically encrypted? Probably not, as that
would provide you with a false sense of security. I wouldn't want
an entire dataset encrypted with a single key, and if there's more
than one key, where are they stored? How are they managed?
Are they stored on the same physical drive as the encrypted
data? Then what's the point?

Basically, there's no "magic encryption switch" to push no matter
what system you're using. However, if you're looking into
encrypting *certain* data (credit card #s...), and you want to chat
about methods of doing that, then that's worthwhile.

Posted by Roberto Mello on
I'd like to know what people are using to encrypt data and store in PG, like credit card #s for example.
Posted by David Walker on
I don't have any current systems that store credit card numbers but I do have one site that requires encrypted data storage for private information. For that I'm using the loopback encrypted filesystem with the crypto kernel patch for the Linux 2.2.18 kernel.

I'd actually like to implement a system similar to what Philip Greenspun describes with a public and private key but in a slightly different way. (unless a credit card processor can or already has been convinced to implement the public/private key method of handling credit card numbers)

My idea would require a separate machine that contacts the credit card processor for a decision. A public and private key are generated and the public key is stored only on the web server, the private key only on the card processor server.
  • The web server machine receives the order and stores the encrypted credit card number using our public key.
  • The web server machine triggers the credit card processor machine to retrieve a decision
  • The card processor machine decrypts the credit card number using the private key and makes the SSL connection or whatever secure means the credit card processor has set up and retrieves the decision, storing it in the database
If an instant decision is required then some communication may be required between the web server and the processor machine but that can be limited to something like "get me a decision for order #2341". "OK, I'm done with order #2341. Go check the database for my decision".

The store we used to run a couple of years ago (discontinued for reasons completely unrelated to security) used to store the credit card numbers in plain text and depend on our wonderful security elsewhere to keep them safe.
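
The public/private key split described in the post above, as an added example in Go that is not part of the thread. RSA-OAEP, the function names, and the use of the order number as the OAEP label are assumptions of this sketch; the card number is a constructed test value.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// NewProcessorKey runs on the processor machine; only .PublicKey goes to the web server.
func NewProcessorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptCard runs on the web server. The order ID is bound in as the OAEP label
// (an addition in this sketch), so a ciphertext moved to another order's row fails to decrypt.
func EncryptCard(pub *rsa.PublicKey, orderID, pan string) (string, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pan), []byte(orderID))
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil // text form for a DB column
}

// DecryptCard runs only on the card processor machine.
func DecryptCard(priv *rsa.PrivateKey, orderID, stored string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(orderID))
	return string(pt), err
}

func main() {
	priv, err := NewProcessorKey()
	if err != nil {
		panic(err)
	}
	stored, err := EncryptCard(&priv.PublicKey, "2341", "4111111111111111") // constructed test number
	if err != nil {
		panic(err)
	}
	got, err := DecryptCard(priv, "2341", stored)
	fmt.Println("right order:", got, err)
	_, err = DecryptCard(priv, "2342", stored) // same ciphertext, wrong order row
	fmt.Println("wrong order rejected:", err != nil)
}
```

A compromise of the web server or its database yields only ciphertext and the public key, which is the property the design relies on.
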
Posted by Leonard Fiadzinu on
Thanks, Ben, Roberto and David, for taking the time to respond.

Yes, Ben, what I am looking into is to encrypt certain information, primarily credit card information, in a postgres database.  I understand the basic process, but the questions I am looking to get answered are:

  • What methods are others using?  Why?
  • What effects do those methods have on the database processes?
  • What kind of load does the encryption place on the database?
  • What environmental conditions are required to facilitate the encryption (if any)?
  • Any tips or tricks (a.k.a. shortcuts) or other useful info?

If anyone can let me know what methods and why they use these methods for encryption it will be great.  David has already started the ball rolling.

Thanks in advance to all.

Posted by Michael A. Cleverly on
Roberto, for DeseretBook.com we decided to use gpg to encrypt the credit card information on the web server.  The private key is (obviously) not on a net-accessible machine, but we can copy the encrypted clob and decrypt it manually as needed.  An nsgpg.so would be nice someday. 😊