Re: WIP: Data at rest encryption

From: Shawn Wang <shawn(dot)wang(at)highgo(dot)ca>
To: "Alvaro Herrera" <alvherre(at)2ndquadrant(dot)com>
Cc: "pgsql-hackers" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Antonin Houska" <ah(at)cybertec(dot)at>, "Ants Aasma" <ants(dot)aasma(at)eesti(dot)ee>
Subject: Re: WIP: Data at rest encryption
Date: 2019-09-04 09:23:01
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

---- On Wed, 04 Sep 2019 00:56:15 +0800 Alvaro Herrera <mailto:alvherre(at)2ndquadrant(dot)com> wrote ----

On 2019-Aug-02, Shawn Wang wrote:

> Hi Antonin,

> It is very glad to see the new patch. I used the public patches a long time ago.

> I did some tests like the stream replication, much data running, temporary files encryption.

> I found that there is an issue in the src/backend/storage/file/encryption.c. You should put block_size = EVP_CIPHER_CTX_block_size(ctx); under the #ifdef USE_ASSERT_CHECKING.

> There is some problem to merge your patches to the latest kernel in the pg_ctl.c.

Is a new, fixed version going to be posted soon? It's been a while. 

Also, apologies if this has been asked before, but: how does this patch

relate to the stuff being discussed in$5c70ed90$1552c8b0$ ?

Hi Álvaro,

Thank you for a reply.

I mainly said that the issues in the src/backend/storage/file/encryption.c. If somebody want to use these patches, I think Antonin need to fix it.

It does not relate to the stuff being discussed in TDE. As I know, some company use these patches to encrypt data, even if these issues don't matter.



Shawn Wang

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Sergei Kornilov 2019-09-04 09:29:13 Re: pg_get_databasebyid(oid)
Previous Message Andrey Borodin 2019-09-04 09:22:20 Re: pglz performance