|From:||Antonin Houska <ah(at)cybertec(dot)at>|
|Subject:||Re: [HACKERS] WIP: Data at rest encryption|
Ants Aasma <ants(dot)aasma(at)gmail(dot)com> wrote:
> Attached to this mail is a work in progress patch that adds an
> extensible encryption mechanism. There are some loose ends left to tie
> up, but the general concept and architecture is at a point where it's
> ready for some feedback, fresh ideas and bikeshedding.
Rebased patch is attached here, in case it helps to achieve (some of) the
goals mentioned in the related thread.
Besides encrypting table and WAL pages, it encrypts the temporary files
(buffile.c), data stored during logical decoding (reorderbuffer.c) and
statistics temporary files (pgstat.c). Unlike the previous version, SLRU files
(e.g. CLOG) are not encrypted (it does not seem critical and the encryption
makes torn page write quite difficult to handle).
Another difference is that we use the OpenSSL of the (tweaked) AES XTS cipher.
Binary upgrade from unencrypted to encrypted cluster is not implemented yet.
Cybertec Schönig & Schönig GmbH
Gröhrmühlgasse 26, A-2700 Wiener Neustadt