Re: Proposed patch for key management

From: Alastair Turner <minion(at)decodable(dot)me>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, Stephen Frost <sfrost(at)snowman(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject: Re: Proposed patch for key management
Date: 2021-01-05 21:28:04
Message-ID: CAC0GmywLRCqOKOKHPcQESQw2cjP+n99T4rY+iYvqfwOCSaUxjg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Mon, 4 Jan 2021 at 17:56, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> On Sat, Jan 2, 2021 at 12:47:19PM +0000, Alastair Turner wrote:
> >
> > There is also a further validation task - probably beyond the scope of
> > the key management patch and into the encryption patch[es] territory -
> > checking that the keys supplied are the same keys in use for the data
> > currently on disk. It feels to me like this should be done at startup,
> > rather than as each file is accessed, which could make startup quite
> > slow if there are a lot of keys with narrow scope.
>
> We do that already on startup by using GCM to validate the KEK when
> encrypting each DEK.
>
Which validates two things - that the KEK is the same one which was
used to encrypt the DEKs (instead of returning garbage plaintext when
given a garbage key), and that the DEKs have not been tampered with at
rest. What it does not check is that the DEKs are the keys used to
encrypt the data, that one has not been copied or restored independent
of the other.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeff Davis 2021-01-05 21:28:59 Re: New Table Access Methods for Multi and Single Inserts
Previous Message Thomas Munro 2021-01-05 21:21:22 Re: Context diffs