A little simplistic I would say. If you want to search a database for
the encrypted data, then you either have to store it with un-encrypted
keys or have the database know the key. Replacing the data with bad
data is a serious data integrity problem that can't be ignored. One
should know whether data has been tampered with or not. This is a form
of denial of service.
Reducing security to key management is all that PKI really is. But the
issue is a lot more than stolen or borrowed keys. How do I know that a
key belongs to the person it claims to? How do I know that the place
I'm storing my data (be it a file system or a remote database server) is
who it says it is. The issue of PKI is securing the CA and this
currently is an expensive proposition.
Just some thoughts,
Dave
John S. Gage writes:
> Simple (simplistic?) question.
>
> If the data are encrypted when they are collected, stored encrypted, and
> only decrypted by a known set of people with a known set of keys, then is
> it not true that:
>
> a) you are no longer reliant on the operating system or network security at
> all, because, at best, the data can only be removed and replaced with
> substitute data, which seeing that the data contains reasonably unique
> "identifying data" would be very difficult or impossible: in essence, the
> data could only be trashed, not falsified, and more importantly it could
> *not* be stolen
>
> b) you have reduced security to a key management problem (stolen keys,
> borrowed keys, etc.)?
>
> I'm very interested in the answer to this perhaps overly elementary question.
>
> John
>
> P.S. The question ignores the issue of electronic signatures, but that
> question is derivative I would say.
>
