I am working on a system where consistent encryption is required on both the .NET client side and within a PostgreSQL database using the pgcrypto extension's pgp_sym_encrypt function.

The PostgreSQL function offers features like:

  1. Integrity Protection: Prevents tampering by incorporating integrity checks.
  2. Compression and Algorithms: Supports compression and multiple encryption algorithms.
  3. Ease of Use: Handles larger data sizes without requiring manual management of an Initialization Vector (IV).

My goal is to implement an equivalent encryption process in .NET that is compatible with the pgp_sym_encrypt format.

What I’ve tried so far:

  • Researching .NET cryptographic libraries and attempting to mimic pgp_sym_encrypt, but I’m struggling to replicate the specific encryption format.
  • Studying the pgcrypto documentation for details, but it doesn't provide clear guidance for replicating the behavior in other environments.

How can I implement encryption in .NET that matches the behavior and format of pgp_sym_encrypt in PostgreSQL?

  • It is not a proprietary format; it is just the PGP format. I think any library for .NET that deals with the PGP format should be compatible. Commented Nov 20, 2024 at 21:04
  • How is this meant to work? pgp_sym_encrypt runs within Postgres - but presumably your .NET code runs in your application's process. Please share an example PL/pgSQL program or query that uses pgp_sym_encrypt and an example .NET program that would get the data from Postgres. Commented Nov 21, 2024 at 8:29
  • @Dai. I am required to perform encryption/decryption in the client but also decryption in the database (for sorting and filtering queries). Handling the encryption just in the client would require loading all rows into memory. Handling encryption just in the database would require lots of extra DB logic and I would have to move away from many EF Core features. I managed to solve this problem with the raw SQL function decrypt_iv, but would like to use pgp_sym_decrypt because it has implemented security features internally. Commented Nov 21, 2024 at 10:04
  • It's just 3 columns in the whole database. The goal is not to encrypt the whole database. Also, just using encryption at rest would introduce new risks. Commented Nov 21, 2024 at 10:08
  • @Dai I would appreciate it if you could share resources on how to do it the right way (column encryption in combination with EF Core and Postgres). Commented Nov 21, 2024 at 10:11
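
Since the first comment identifies the output as ordinary PGP, one way to check that a client library produces the same message layout as the database is to read the OpenPGP (RFC 4880) packet headers of both outputs and compare the parameters. The sketch below is an added example, not code from the question or from pgcrypto; the function names are hypothetical and the sample bytes are constructed, chosen to mirror pgcrypto's documented defaults (aes128, s2k-mode 3, sha1).

```python
# Added example: read the OpenPGP (RFC 4880) packet headers of a password-encrypted message.
CIPHERS = {2: "3des", 3: "cast5", 4: "blowfish", 7: "aes128", 8: "aes192", 9: "aes256"}
HASHES = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None when the body is streamed."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (decode ASCII armor first)")
    if first & 0x40:                                   # new-format header
        tag, o = first & 0x3F, buf[pos + 1]
        if o < 192:
            return tag, pos + 2, o
        if o < 224:
            return tag, pos + 3, ((o - 192) << 8) + buf[pos + 2] + 192
        if o == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 1, None                      # partial body lengths
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # indeterminate length
    n = 1 << ltype                                     # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def describe(message):
    """Summarise the SKESK (tag 3) parameters and whether the data packet carries an MDC."""
    info, pos = {}, 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        end = len(message) if length is None else start + length
        if tag == 3:                                   # Symmetric-Key Encrypted Session Key
            body = message[start:end]
            if body[0] != 4:
                raise ValueError("unsupported SKESK version")
            info["cipher"] = CIPHERS.get(body[1], body[1])
            info["s2k_mode"] = body[2]
            info["s2k_digest"] = HASHES.get(body[3], body[3])
            if body[2] == 3:                           # iterated and salted: decode count octet
                c = body[12]
                info["s2k_count"] = (16 + (c & 15)) << ((c >> 4) + 6)
        elif tag in (9, 18):                           # 9 = no integrity check, 18 = with MDC
            info["integrity_protected"] = tag == 18
            break                                      # ciphertext follows; nothing more to read
        pos = end
    return info

# Constructed sample bytes (not real ciphertext): SKESK + tag 18, and SKESK + legacy tag 9.
SKESK_BODY = bytes([4, 7, 3, 2]) + bytes(range(8)) + bytes([0x60])
WITH_MDC = bytes([0xC3, len(SKESK_BODY)]) + SKESK_BODY + bytes([0xD2, 5, 1, 0, 0, 0, 0])
WITHOUT_MDC = bytes([0x8C, len(SKESK_BODY)]) + SKESK_BODY + bytes([0xA4, 4, 0, 0, 0, 0])
```

Running `describe` on the raw `bytea` returned by the database and on the bytes produced by the client shows whether both sides agree on cipher, S2K settings and integrity protection before any decryption is attempted.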
