Re: WIP: Data at rest encryption

From: Antonin Houska <ah(at)cybertec(dot)at>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Shawn Wang <shawn(dot)wang(at)highgo(dot)ca>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Ants Aasma <ants(dot)aasma(at)eesti(dot)ee>
Subject: Re: WIP: Data at rest encryption
Date: 2019-09-04 04:56:18
Message-ID: 64821.1567572978@antos
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> wrote:

> On 2019-Aug-02, Shawn Wang wrote:
> > Hi Antonin,
> > It is very glad to see the new patch. I used the public patches a long time ago.
> > I did some tests like the stream replication, much data running, temporary files encryption.
> > I found that there is an issue in the src/backend/storage/file/encryption.c. You should put block_size = EVP_CIPHER_CTX_block_size(ctx); under the #ifdef USE_ASSERT_CHECKING.
> > There is some problem to merge your patches to the latest kernel in the pg_ctl.c.
> Is a new, fixed version going to be posted soon? It's been a while.
> Also, apologies if this has been asked before, but: how does this patch
> relate to the stuff being discussed in
>$5c70ed90$1552c8b0$ ?

This thread started later than our effort but important design questions are
being discussed there. So far there seems to be no consensus whether
full-instance encryption should be implemented first, so any effort spent on
this patch might get wasted. When/if there will be an agreement on the design,
we'll see how much of this patch can be used.

Antonin Houska

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2019-09-04 05:25:25 Re: Proposal: roll pg_stat_statements into core
Previous Message Michael Paquier 2019-09-04 04:36:52 Re: Re: Email to hackers for test coverage