Forum OpenACS Q&A: Response to Encryption of data

Posted by Ben Adida on
Going through some unanswered posts here... Leonard, what
are you trying to do exactly? If you're going to encrypt data, there's
got to be an encryption key, right?

Does PG automatically provide a means to store the data
encrypted and provide a key-management system, too? No. Can
you go ahead and do that on your own? Absolutely. Wouldn't it be
better to have it automatically encrypted? Probably not, as that
would provide you with a false sense of security. I wouldn't want
an entire dataset encrypted with a single key, and if there's more
than one key, where are they stored? How are they managed?
Are they stored on the same physical drive as the encrypted
data? Then what's the point?

Basically, there's no "magic encryption switch" to push no matter
what system you're using. However, if you're looking into
encrypting *certain* data (credit card #s...), and you want to chat
about methods of doing that, then that's worthwhile.