I am running an oracle database with the application written in PHP.

I would like to be able to have the option to encrypt data residing in
certain columns in certain tables i.e. encrypt the SSNO column but not
the Fname column. I would like to keep it in its encrypted form in the
database but I would like to be able to show it to certain privileged
people based on a password.

Can public key encryption be incorporated here in the php application
such that if I can encrypt the data based on a key that in it self can
be encrypted in a way that you can revoke certain passwords if the
employee leaves - much that same way you have revocation lists
management in PGP.

Are there any suggestions on how to go about incorporating FLEXIBLE
encryption of data with PHP and Oracle?

Any help appreciated.

OFM wrote:

You need a lot of help with this - I think you need to re-examine your
problems here. Do you really not trust the PHP code? If not how are you
going to securely supply decryption tokens to your running code? Where will
the users private keys reside? Do you really want public key encryption or
are you looking for shared keys? Can you afford the performance overhead of
per-attribute public key encryption?

If you are working some where that actually needs Oracle and this kind of
security, then really the people you work for should be able to rent a
consultant for a few days to work on this. But by the sound of things
you've not even got clear objectives of what you are trying to achieve.

C.