Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Joe Conway <mail(at)joeconway(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date: 2019-07-10 17:04:47
Message-ID: 20190710170447.GA2501@alvherre.pgsql
Lists: pgsql-hackers

On 2019-Jul-10, Bruce Momjian wrote:

> * Using the LSN as part of the nonce fixes both problems, and has a
> third benefit:
>
> * We don't need to decrypt/re-encrypt during CREATE DATABASE since
> the page contents are the same in both places, and once one
> database changes its pages, it gets a new LSN, and hence a new
> nonce/IV.
>
> * For each change of an 8k page, you get a new nonce/IV, so you
> are not encrypting different data with the same nonce/IV
>
> * This avoids requiring pg_upgrade to preserve database oids.

An ignorant question -- what is it that gets stored in the page for
decryption use, the nonce or the IV derived from it? I think if you
want to store the nonce, you'd have to store the database OID, because
otherwise how do you know which database OID to use to determine the
full nonce after cloning a database? You already have the table OID in
the catalog and the LSN in the page header, so you're only missing the
database OID. (Assuming you make the nonce be database OID || relation
OID || page LSN)

Also, how are key changes handled? Do we need to store a key identifier
in each page?

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
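
The cloning question raised in the message above, as an added example that is not part of the original email or of any PostgreSQL code: it encrypts a page in a template database, copies the ciphertext unchanged as CREATE DATABASE would, and tries to decrypt it in the clone with and without the database OID in the nonce. The key, OIDs and LSNs are constructed values, the nonce layout without the database OID is an assumption, and an HMAC-SHA256 keystream stands in for the real block cipher mode.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key-not-for-use"  # constructed sample key
REL_OID = 2619  # constructed; assumed identical in template and clone

def nonce(lsn, rel_oid, db_oid=None):
    """db_oid given: database OID || relation OID || page LSN (layout from the email).
    db_oid=None: assumed variant that leaves the database OID out."""
    prefix = b"" if db_oid is None else struct.pack(">I", db_oid)
    return prefix + struct.pack(">IQ", rel_oid, lsn)

def keystream(key, nonce_bytes, length):
    """Stand-in for a CTR-style cipher: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce_bytes + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def crypt(key, nonce_bytes, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    ks = keystream(key, nonce_bytes, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def clone_roundtrip(include_db_oid):
    """Encrypt in the template database, copy the bytes verbatim, decrypt in the clone."""
    template_oid, clone_oid, lsn = 1, 16384, 0x16B3740  # constructed values
    page = b"tuple data".ljust(64, b"\x00")
    enc = nonce(lsn, REL_OID, template_oid if include_db_oid else None)
    stored = crypt(KEY, enc, page)  # these bytes land unchanged in the clone
    dec = nonce(lsn, REL_OID, clone_oid if include_db_oid else None)
    return crypt(KEY, dec, stored) == page

def keystream_reused(lsn_before, lsn_after):
    """True if two versions of one page would share a keystream."""
    a = keystream(KEY, nonce(lsn_before, REL_OID), 32)
    b = keystream(KEY, nonce(lsn_after, REL_OID), 32)
    return a == b

if __name__ == "__main__":
    print("clone readable, db OID in nonce:  ", clone_roundtrip(True))
    print("clone readable, db OID left out:  ", clone_roundtrip(False))
    print("keystream reused after LSN change:", keystream_reused(0x16B3740, 0x16B3798))
```

With the database OID in the nonce, the clone can only read the copied page if it knows the OID of the database that originally encrypted it, which is the value the email says would have to be stored.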
