Re: Moving forward with TDE [PATCH v3]

From: David Christensen <david(dot)christensen(at)crunchydata(dot)com>
To: vignesh C <vignesh21(at)gmail(dot)com>
Cc: Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Moving forward with TDE [PATCH v3]
Date: 2023-10-31 21:23:17
Message-ID: CAOxo6XLac9KL7UrfQr5+xfKgrSa==F_AghNbUkTA8ivYiYvjvQ@mail.gmail.com
Lists: pgsql-hackers

Greetings,

I am including an updated version of this patch series; it has been rebased
onto 6ec62b7799 and reworked somewhat.

The patches are as follows:

0001 - doc updates
0002 - Basic key management and cipher support
0003 - Backend-related changes to support heap encryption
0004 - modifications to bin tools and programs to manage key rotation and
add other knowledge
0005 - Encrypted/authenticated WAL

These are very broad strokes at this point and should be split up a bit
more to make things more granular and easier to review, but I wanted to get
this update out.

Of note, the encryption supported in this release as exposed to the
heap-level is AES-XTS-128 and AES-XTS-256; there is built-in support for
CTR and GCM, however based on other discussions related to how to store the
additional authenticated data on the page, GCM has been removed from
the list of supported ciphers. This could certainly be enabled in the
future, however the other pieces that this patchset provides would enable
TDE without the additional block size/storage concerns.

Best,

David

Attachment                                              Content-Type              Size
v3-0001-TDE-doc-updates.patch                           application/octet-stream  32.9 KB
v3-0002-Basic-key-management-and-cipher-support.patch   application/octet-stream  37.4 KB
v3-0005-Add-encrypted-authenticated-WAL.patch           application/octet-stream  34.1 KB
v3-0004-bin-tools-and-programs.patch                    application/octet-stream  51.3 KB
v3-0003-Backend-related-changes.patch                   application/octet-stream  232.8 KB
