> An application using libpq would require that the private unencrypted key be
> deployed to the end user, together with the public key and trust cert. This
> would mean if the end user is curious enough and computer litterate, he can
> bypass the client application and make a direct connection to the server with
> psql for example. It's then possible to issue commands like TRUNCATE TABLE...
Sorry, I don't know anything about postgresql.key; but regardless of
how you identify and authenticate you need to secure your database from
rogue user actions.
A user must have the TRUNCATE privilege to truncate a table or be the
tables owner.
OGo=> truncate table person;
ERROR: must be owner of relation person