Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

hello ...

we are actually planning to move this forward but we did not get around
to actually sit down and do it.
the thing is: we would really like to push this forward and we would
certainly be happy if the community could reach a consenus on HOW TO
implement it and what we really want.
the reason we went for block level encryption in the first place is that
it makes key management really comparatively easy.
there is a module in the server (plugin architecture), which arranges
the key so that you an start up. that could be a command line prompt,
some integration into some fancy key management or whatever means the
user wants. it is really really easy. also, TDE has encryption for
everything short of the clog and the textual log (which is pretty
pointless).
the clog encryption was left out for reliability issues (robert pointed
out and issue with torn writes).
so, if we could somehow find a way to implement this which has a chance
to actually get committed we are super open to put a lot more effort
into that.
of course we are also open to helping hands.

in short: what does the community think? how shall we proceed?

    many thanks,

        hans

On 2/6/19 8:08 PM, Ibrar Ahmed wrote:
>
> On Tue, Jul 3, 2018 at 5:37 PM Moon, Insung
> <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp <mailto:Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>>
> wrote:
>
> Dear Tom Lane.
>
> > -----Original Message-----
> > From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us <mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us>]
> > Sent: Monday, June 18, 2018 11:52 PM
> > To: Robert Haas
> > Cc: Joe Conway; Masahiko Sawada; Moon, Insung;
> PostgreSQL-development
> > Subject: Re: [Proposal] Table-level Transparent Data Encryption
> (TDE) and Key Management Service (KMS)
> >
> > Robert Haas <robertmhaas(at)gmail(dot)com
> <mailto:robertmhaas(at)gmail(dot)com>> writes:
> > > On Mon, Jun 18, 2018 at 10:12 AM, Joe Conway
> <mail(at)joeconway(dot)com <mailto:mail(at)joeconway(dot)com>> wrote:
> > >> Not necessarily. Our pages probably have enough predictable
> bytes to
> > >> aid cryptanalysis, compared to user data in a column which
> might not
> > >> be very predicable.
> >
> > > Really?  I would guess that the amount of entropy in a page is WAY
> > > higher than in an individual column value.
> >
> > Depending on the specifics of the encryption scheme, having some
> amount of known (or guessable) plaintext may allow breaking
> > the cipher, even if much of the plaintext is not known.  This is
> cryptology 101, really.
> >
> > At the same time, having to have a bunch of
> independently-decipherable short field values is not real secure
> either, especially
> > if they're known to all be encrypted with the same key.  But
> what you know or can guess about the plaintext in such cases
> > would be target-specific, rather than an attack that could be
> built once and used against any PG database.
>
> Yes. If there is known to guessable data of encrypted data, maybe
> there is a  possibility of decrypting the encrypted data.
>
> But would it be safe to use an additional encryption mode such as
> GCM or XFS to solve this problem?
> (Do not use the same IV)
>
> Thank you and Best regards.
> Moon.
>
>
> >
> >                       regards, tom lane
>
>
>
>
>
> Hi Moon,
>
> Have you done progress on that patch? I am thinking to work on the
> project and found that you are already working on it. The last message
> is almost six months old. I want to check with you that are you still
> working on that, if yes I can help on that by reviewing the patch etc.
> If you are not working on that anymore, can you share your done work
> (if possible)?
> --
> Ibrar Ahmed

--
Hans-Jürgen Schönig
Cybertec Schönig & Schönig GmbH
Gröhrmühlgasse 26
A-2700 Wiener Neustadt
Web: https://www.cybertec-postgresql.com