You didn’t really state where you’re trying to protect that data, so I’ve got several thoughts…
If you’re securing files on the filesystem or that are to be transported over the wire (mail, socket, ftp, http, etc.), then I would use PGP (gnupg on Linux) via
If you’re just stuffing things into the database, then you can do multi-pass encryption (ex: the triple pass ‘db’ encryption in https://github.com/ddspringle/framework-one-secure-auth/blob/master/model/services/SecurityService.cfc).
A not very secure alternative would be to use the PBE encryption method available with encrypt() which lets you use a salt (password) to secure the data. You could also use some combination thereof.
Either way, using PKI for the database is probably overkill and there are easier ways to implement user level security (e.g. unique keys per user) than having to resort to PKI techniques. That said, there is nothing stopping you from using PGP and storing the result in the database either.
And if you’re real adventurous, Bouncy Castle is included with Lucee, so you could drop down into Java and do all kinds of PKI encryption available there. Including PGP. You could also try and use http://pgp.riaforge.org/ which uses Bouncy Castle under the hood. There were some PGP changes in either 1.57 or 1.59 of Bouncy Castle iirc though so YMMV.
Not so much a ‘process’ for you, but a handful of ideas to consider. Implementation is pretty straightforward in all but the last couple of cases.
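
The "unique keys per user" idea from the reply above, as an added example that is not part of the original post and not taken from the linked SecurityService.cfc. The function and variable names are hypothetical, and it assumes the master key is kept outside the database.

```cfml
<cfscript>
// Added example; function and variable names are hypothetical.
// Assumption: in a real app the master key comes from outside the database
// (environment variable, secrets store). It is generated here only so the
// example runs on its own.
masterKey = generateSecretKey( "AES", 256 );
algorithm = "AES/CBC/PKCS5Padding";
encoding  = "Base64";

// Make a new key for one user and return it encrypted under the master key.
// Only this wrapped form is stored in the user's row.
function newWrappedUserKey( required string masterKey ) {
    var userKey = generateSecretKey( "AES", 256 );
    return encrypt( userKey, arguments.masterKey, algorithm, encoding );
}

// Recover the user's key from its wrapped form.
function unwrapUserKey( required string wrappedKey, required string masterKey ) {
    return decrypt( arguments.wrappedKey, arguments.masterKey, algorithm, encoding );
}

function encryptForUser( required string plain, required string wrappedKey, required string masterKey ) {
    var userKey = unwrapUserKey( arguments.wrappedKey, arguments.masterKey );
    return encrypt( arguments.plain, userKey, algorithm, encoding );
}

function decryptForUser( required string cipher, required string wrappedKey, required string masterKey ) {
    var userKey = unwrapUserKey( arguments.wrappedKey, arguments.masterKey );
    return decrypt( arguments.cipher, userKey, algorithm, encoding );
}

// Constructed sample data: two users storing the same value.
aliceKey = newWrappedUserKey( masterKey );
bobKey   = newWrappedUserKey( masterKey );
secret   = "constructed sample value";

aliceCipher = encryptForUser( secret, aliceKey, masterKey );
roundTrip   = decryptForUser( aliceCipher, aliceKey, masterKey ) == secret;

// Decrypting Alice's row with Bob's key must not yield the plaintext;
// a wrong key normally throws, so treat an exception as "not readable".
try {
    leaked = decryptForUser( aliceCipher, bobKey, masterKey ) == secret;
} catch ( any e ) {
    leaked = false;
}
writeOutput( "Alice round trip ok: #roundTrip#<br>Bob's key reads Alice's row: #leaked#" );
</cfscript>
```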