1

I have a Postgres database with some tables having columns containing some sensitive data. I used the PGCRYPTO extension (pgp_pub_encrypt/pgp_pub_decrypt) to encrypt and gpg to generate public and private key pairs.

I have two questions:

  • Where should I store this pair of keys, knowing that I should use the same generated private key to decrypt a column? (I tried putting it in the postgresql.conf file and that's not working.)

  • Can we generate key pairs for each session to make the system more secure?

1 Answer

2

The public key can be stored anywhere. You could store it in the database.

The private key belongs to your application. It should be stored on the application server, so that the application can supply it to decrypt the data in the database.


1 Comment

Thanks for your answer, but I'm wondering how to store KEK and DEK keys and how to make a transparent-data-encryption-like solution to modify keys through time.
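The key placement described in the answer above, sketched in SQL as an added example (not code from the question or the answer). The table, column and prepared-statement names are hypothetical, and the private key is assumed to be an ASCII-armored, passphrase-protected gpg export held only by the application.

```sql
-- Added example: all object names below are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Public key only: safe to keep in the database (ASCII-armored gpg export).
CREATE TABLE app_pubkey (
    id      int  PRIMARY KEY,
    armored text NOT NULL
);

CREATE TABLE customer (
    id      serial PRIMARY KEY,
    name    text   NOT NULL,
    ssn_enc bytea  NOT NULL   -- output of pgp_pub_encrypt()
);

-- Write path: needs only the public key, so a role that inserts rows
-- never has to see the private key.
-- $1 = name, $2 = plaintext value to protect.
PREPARE add_customer(text, text) AS
INSERT INTO customer (name, ssn_enc)
SELECT $1, pgp_pub_encrypt($2, dearmor(k.armored))
FROM app_pubkey k
WHERE k.id = 1;

-- Read path: the application binds the private key and its passphrase
-- as parameters on each call. Neither value is stored in a table or in
-- postgresql.conf.
-- $1 = row id, $2 = armored private key, $3 = key passphrase.
PREPARE read_customer(int, text, text) AS
SELECT name,
       pgp_pub_decrypt(ssn_enc, dearmor($2), $3) AS ssn
FROM customer
WHERE id = $1;

-- Constructed sample call for the write path:
EXECUTE add_customer('Alice Example', '000-00-0000');

-- The read path is executed by the application through its driver's
-- bind parameters, e.g. read_customer(1, <armored key>, <passphrase>).
-- Decryption runs inside the server, so the key travels over the
-- connection in the query: use a TLS-protected connection.
```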
