This recipe shows you how to encrypt data using the pgcrypto
contrib package.
Make sure you (and/or your database server) are in a country where encryption is not illegal—it still is in some countries.
In order to create and manage PGP keys, you also need the well-known GnuPG
command-line utility, which is available on practically all distributions.
pgcrypto
is part of the contrib collection. Starting from version 10, on Debian and Ubuntu it is part of the main postgresql-10
server package, while in previous versions there was a separate package, for example, postgresql-contrib-9.6
.
Install it on the database in which you want to use it, following the Adding an external module to PostgreSQL recipe from Chapter 3, Configuration.
You also need to have PGP keys set up:
pguser@laptop:~$ gpg --gen-key
Answer some questions here (the defaults are OK, unless you are an expert), select the key type as DSA and Elgamal
, and enter an empty password.
Now, export the keys...