When backing up databases/table to files I needed to have them encrypted for security and compliance. But there were a few concerns:
- I didn't want the file to be in plaintext, ever.
- I didn't want that same user to be able to decrypt the file later in case the account was compromised.
So, Pub/Priv is great for #2. Unfortunately, Pub/Priv is not made for large files, therefor I decided follow this process:
- Generate symetric key
- Encrypt files in-line w/ symetric key using AES-256-CBC