Using column-level encryption
The user can encrypt data in the database so that it is not visible to the hosting provider. In general, this means that the data cannot then be used for searching or indexing, unless you use homomorphic encryption.
The strictest form of encryption would be client-side encryption so that all the database knows about is a blob of data, which would then normally be stored in a bytea database column, but could be others.
Data can also be encrypted server-side before it is returned to the user using the pgcrypto
contrib
package provided as an extension with PostgreSQL.
Getting ready
Make sure you (and/or your database server) are in a country where encryption is legal—in some countries, it is either banned completely or a license is required.
In order to create and manage Pretty Good Privacy (PGP) keys, you also need the well-known GnuPG
command-line utility, which is available on practically all distributions.
pgcrypto
is part of...