Where do you store key for encryption

Started by Naoko Reeves, over 16 years ago, 5 messages, general
#1 Naoko Reeves
naoko@lawlogix.com

Hi,

We have a web application and encrypt PII columns. We use an encrypt/decrypt
function for this.

Currently we have hard-coded the key in a PostgreSQL function, which I am not
sure about.

I did google it, and people suggest that it needs to be stored in a
physically isolated location (storing the decryption key on the same server
as the data is kind of like writing your PIN on your ATM card).

I would like to know how Postgres professionals handle this.

Thank you very much for your time in advance.

Naoko

#2 Merlin Moncure
mmoncure@gmail.com
In reply to: Naoko Reeves (#1)
Re: Where do you store key for encryption

On Tue, Nov 17, 2009 at 10:12 PM, Naoko Reeves <naoko@lawlogix.com> wrote:

Hi,

We have a web application and encrypt PII columns. We use an encrypt/decrypt
function for this.

Currently we have hard-coded the key in a PostgreSQL function, which I am not
sure about.

I did google it, and people suggest that it needs to be stored in a physically
isolated location (storing the decryption key on the same server as the data is
kind of like writing your PIN on your ATM card).

Key management is a complicated topic, but I can tell you this for
sure: storing the key in the function is one of the worst places to do
it :-) Any user can pull down the entire pg_proc table and see all
your functions! (This is somewhat fixable, but it's still not the
right place IMO).

merlin

#3 Naoko Reeves
naoko@lawlogix.com
In reply to: Merlin Moncure (#2)
Re: Where do you store key for encryption

Got it.
Thank you very much for your advice.

-----Original Message-----
From: Merlin Moncure [mailto:mmoncure@gmail.com]
Sent: Tuesday, November 17, 2009 8:54 PM
To: Naoko Reeves
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Where do you store key for encryption

On Tue, Nov 17, 2009 at 10:12 PM, Naoko Reeves <naoko@lawlogix.com> wrote:

Hi,

We have a web application and encrypt PII columns. We use an encrypt/decrypt
function for this.

Currently we have hard-coded the key in a PostgreSQL function, which I am not
sure about.

I did google it, and people suggest that it needs to be stored in a physically
isolated location (storing the decryption key on the same server as the data is
kind of like writing your PIN on your ATM card).

Key management is a complicated topic, but I can tell you this for
sure: storing the key in the function is one of the worst places to do
it :-) Any user can pull down the entire pg_proc table and see all
your functions! (This is somewhat fixable, but it's still not the
right place IMO).

merlin

#4 David Wall
d.wall@computer.org
In reply to: Naoko Reeves (#3)
Re: Where do you store key for encryption

In our open-esignforms project we use a layered approach for keys in
which we have a boot key for the application that requires dual
passwords which we then combine into a single password for PBE
encryption of the boot key. We then have session keys that are
encrypted with the boot key, and the session keys are used to encrypt
one-up keys for encrypted blobs.

In your case, you could encrypt your key using PBE assuming you have a
way to provide the password to unlock it. This would allow you to
protect the key with a password, which is the most basic way to go if
you don't have a keystore to use.

David
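
An added example, not part of the original thread and not code from open-esignforms: one way to apply the password-based wrapping suggested above inside PostgreSQL, so that no key appears in any function body stored in pg_proc. It assumes the pgcrypto extension and uses its PGP functions; the table, function and placeholder names are hypothetical.

```sql
-- Added example; app_key, encrypt_pii, decrypt_pii and the placeholder
-- password are hypothetical names, not taken from the thread.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Stores only the wrapped (password-encrypted) data key, never the key itself.
CREATE TABLE app_key (
    key_id      int PRIMARY KEY,
    wrapped_key bytea NOT NULL
);

-- One-time setup: generate a random 256-bit data key and wrap it with PBE.
-- pgp_sym_encrypt_bytea derives the wrapping key from the password;
-- s2k-mode=3 is the salted, iterated derivation.
INSERT INTO app_key (key_id, wrapped_key)
VALUES (1, pgp_sym_encrypt_bytea(gen_random_bytes(32),
                                 'PLACEHOLDER-unlock-password',
                                 'cipher-algo=aes256, s2k-mode=3'));

-- The function bodies hold no secret, so reading them from pg_proc reveals
-- nothing. The caller supplies the password; a wrong one makes the unwrap
-- raise an error instead of returning data.
CREATE FUNCTION encrypt_pii(p_plain text, p_password text) RETURNS bytea
LANGUAGE sql AS $$
    SELECT pgp_sym_encrypt(p_plain,
               encode(pgp_sym_decrypt_bytea(wrapped_key, p_password), 'hex'),
               'cipher-algo=aes256')
    FROM app_key WHERE key_id = 1;
$$;

CREATE FUNCTION decrypt_pii(p_cipher bytea, p_password text) RETURNS text
LANGUAGE sql AS $$
    SELECT pgp_sym_decrypt(p_cipher,
               encode(pgp_sym_decrypt_bytea(wrapped_key, p_password), 'hex'))
    FROM app_key WHERE key_id = 1;
$$;

-- Audit for the problem raised earlier in the thread: list SQL and PL/pgSQL
-- functions whose source calls encrypt/decrypt, to review for embedded keys.
SELECT n.nspname, p.proname
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_language  l ON l.oid = p.prolang
WHERE l.lanname IN ('sql', 'plpgsql')
  AND p.prosrc ~* '(encrypt|decrypt)';
```

The password still reaches the server in clear text with every call, so it can appear in statement logs and in server memory. This layout protects the key at rest in the database and its dumps, not against someone who controls the database server.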

#5 Bruce Momjian
bruce@momjian.us
In reply to: David Wall (#4)
Re: Where do you store key for encryption

David Wall wrote:

In our open-esignforms project we use a layered approach for keys in
which we have a boot key for the application that requires dual
passwords which we then combine into a single password for PBE
encryption of the boot key. We then have session keys that are
encrypted with the boot key, and the session keys are used to encrypt
one-up keys for encrypted blobs.

In your case, you could encrypt your key using PBE assuming you have a
way to provide the password to unlock it. This would allow you to
protect the key with a password, which is the most basic way to go if
you don't have a keystore to use.

I covered this a little bit in my recent security presentation:

http://momjian.us/main/presentations.html#securing

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +