1

I have a Postgres database with some tables having columns containing some sensitive data. I used the PGCRYPTO extension (pgp_pub_encrypt/pgp_pub_decrypt) to encrypt and gpg to generate public and private key pairs.

I have two questions :

  • Where should I store this pair of keys, knowing that I should use the same generated private key to decrypt a column? (I tried putting it in the postgresql.conf file and that's not working.)

  • Can we generate key pairs for each session to make the system more secure?

gat kipper

1 Answer

2

The public key can be stored anywhere. You could store it in the database.

The private key belongs to your application. It should be stored on the application server, so that the application can supply it to decrypt the data in the database.

Laurenz Albe
  • Thanks for your answer, but I'm wondering how to store KEK and DEK keys and how to make a transparent data encryption-like solution to modify keys through time – gat kipper Sep 29 '20 at 14:21
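The split described in the answer, sketched as an added example that is not part of the original posts: the public key sits in a table and encrypts on insert, while the private key stays on the application server and is passed in as a bound parameter only when a row is read. The table, column and statement names (`app_pubkey`, `customer`, `add_customer`, `read_ssn`) and the key placeholders are assumptions.

```sql
-- Added example; all object names below are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- The public key can only encrypt, so keeping it in the database is fine.
CREATE TABLE app_pubkey (
    id      int  PRIMARY KEY,
    armored text NOT NULL      -- output of: gpg --armor --export <key id>
);
INSERT INTO app_pubkey VALUES (1, '<ARMORED PUBLIC KEY PLACEHOLDER>');

CREATE TABLE customer (
    id      bigserial PRIMARY KEY,
    name    text  NOT NULL,
    ssn_enc bytea NOT NULL     -- ciphertext produced by pgp_pub_encrypt
);

-- Write path: needs no secret at all, only the stored public key.
PREPARE add_customer(text, text) AS
    INSERT INTO customer (name, ssn_enc)
    SELECT $1, pgp_pub_encrypt($2, dearmor(k.armored))
    FROM app_pubkey k
    WHERE k.id = 1;

-- Read path: $2 is the armored private key
-- (gpg --armor --export-secret-keys <key id>) and $3 its passphrase.
-- The application loads both from its own host (file, environment or a
-- secrets manager) and binds them per call; they are never written to a
-- table or to postgresql.conf.
PREPARE read_ssn(bigint, text, text) AS
    SELECT name, pgp_pub_decrypt(ssn_enc, dearmor($2), $3) AS ssn
    FROM customer
    WHERE id = $1;

-- Called from the application with bound values, for example:
--   EXECUTE add_customer('Alice', '<constructed sample value>');
--   EXECUTE read_ssn(1, '<ARMORED PRIVATE KEY PLACEHOLDER>', '<PASSPHRASE>');
```

pgcrypto runs inside the server, so the private key and the plaintext cross the connection in the clear on every read: use TLS or a local socket, and check that statement logging (`log_statement`, `log_min_duration_statement`) does not write the bound key into the server log.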