From: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
---|---|
To: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com> |
Cc: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Bruce Momjian <bruce(at)momjian(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Stephen Frost <sfrost(at)snowman(dot)net>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
Date: | 2019-07-30 12:14:03 |
Message-ID: | CAD21AoA4F4ge_6SqWKC5J_23erbVrht9j2H0uqO2SzPujirn+Q@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, Jul 29, 2019 at 8:18 PM Sehrope Sarkuni <sehrope(at)jackdb(dot)com> wrote:
>
> On Mon, Jul 29, 2019 at 6:42 AM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
> > > An argument could be made to push that problem upstream, i.e. let the
> > > supplier of the passphrase deal with the indirection. You would still
> > > need to verify the supplied passphrase/key is correct via something
> > > like authenticating against a stored MAC.
> >
> > So do we need the key for MAC of passphrase/key in order to verify?
>
> Yes. Any 128 or 256-bit value is a valid AES key and any 16-byte input
> can be "decrypted" with it in both CTR and CBC mode, you'll just end
> up with garbage data if the key does not match. Verification of the
> key prior to usage (i.e. starting DB and encrypting/decrypting data)
> is a must as otherwise you'll end up with all kinds of corruption or
> data loss.
>
Do you mean that we encrypt and store a 16 byte input with the correct
key to the disk, and then decrypt it with the user supplied key and
compare the result to the input data?

> From a single user supplied passphrase you would derive the MDEK and
> compute a MAC (either using the same key or via a separate derived
> MDEK-MAC key). If the computed MAC matches against the previously
> stored value then you know the MDEK is correct as well.

You meant KEK, not MDEK?

Regards,
--
Masahiko Sawada
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
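
The key check described in the quoted text (derive a key from the passphrase, MAC with a separately derived key, compare against a stored MAC before using the key), as an added example that is not part of this message or of any PostgreSQL patch. PBKDF2-HMAC-SHA256, HMAC-SHA256, the iteration count, the labels and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000                    # assumed KDF cost, not from the thread
MAC_LABEL = b"mdek-mac-key"             # assumed label for deriving the MAC key
CHECK_VALUE = b"cluster-key-check-v1"   # assumed fixed message that gets MACed


def derive_mdek(passphrase, salt, iterations=ITERATIONS):
    """Stretch the passphrase into a 256-bit key (called MDEK in the quoted text)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)


def key_mac(mdek, salt):
    """MAC a fixed check value under a MAC key derived from the MDEK."""
    mac_key = hmac.new(mdek, MAC_LABEL, hashlib.sha256).digest()
    return hmac.new(mac_key, CHECK_VALUE + salt, hashlib.sha256).digest()


def create_verifier(passphrase, salt=None):
    """Run once at initialization; the returned record is what is stored on disk."""
    salt = os.urandom(16) if salt is None else salt
    mdek = derive_mdek(passphrase, salt)
    return {"salt": salt, "iterations": ITERATIONS, "mac": key_mac(mdek, salt)}


def unlock(passphrase, record):
    """Re-derive the key at startup; release it only if the stored MAC matches."""
    mdek = derive_mdek(passphrase, record["salt"], record["iterations"])
    # Constant-time comparison, so the check does not leak how many bytes matched.
    if not hmac.compare_digest(key_mac(mdek, record["salt"]), record["mac"]):
        raise ValueError("supplied passphrase does not match the stored key MAC")
    return mdek


if __name__ == "__main__":
    stored = create_verifier("correct horse battery staple")  # constructed passphrase
    key = unlock("correct horse battery staple", stored)
    print("right passphrase -> key of", len(key), "bytes released")
    try:
        unlock("wrong passphrase", stored)
    except ValueError as exc:
        print("wrong passphrase ->", exc)
```

Only the salt, the iteration count and the MAC are stored; the derived key itself never touches disk, and a mismatch stops startup before any data page is decrypted with the wrong key.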