| From: | Antonin Houska <ah(at)cybertec(dot)at> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Shawn Wang <shawn(dot)wang(at)highgo(dot)ca>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Ants Aasma <ants(dot)aasma(at)eesti(dot)ee> |
| Subject: | Re: WIP: Data at rest encryption |
| Date: | 2019-09-04 04:56:18 |
| Message-ID: | 64821.1567572978@antos |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> wrote:
> On 2019-Aug-02, Shawn Wang wrote:
>
> > Hi Antonin,
> > It is very glad to see the new patch. I used the public patches a long time ago.
> > I did some tests like the stream replication, much data running, temporary files encryption.
> > I found that there is an issue in the src/backend/storage/file/encryption.c. You should put block_size = EVP_CIPHER_CTX_block_size(ctx); under the #ifdef USE_ASSERT_CHECKING.
> > There is some problem to merge your patches to the latest kernel in the pg_ctl.c.
>
> Is a new, fixed version going to be posted soon? It's been a while.
>
> Also, apologies if this has been asked before, but: how does this patch
> relate to the stuff being discussed in
> https://postgr.es/m/031401d3f41d$5c70ed90$1552c8b0$@lab.ntt.co.jp ?
This thread started later than our effort but important design questions are
being discussed there. So far there seems to be no consensus whether
full-instance encryption should be implemented first, so any effort spent on
this patch might get wasted. When/if there will be an agreement on the design,
we'll see how much of this patch can be used.
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-09-04 05:25:25 | Re: Proposal: roll pg_stat_statements into core |
| Previous Message | Michael Paquier | 2019-09-04 04:36:52 | Re: Re: Email to hackers for test coverage |