Re: Transparent column encryption

On 28.11.22 15:05, Peter Eisentraut wrote:
> On 23.11.22 19:39, Peter Eisentraut wrote:
>> Here is another updated patch.  Some preliminary work was committed,
>> which allowed this patch to get a bit smaller.  I have incorporated
>> some recent reviews, and also fixed some issues pointed out by recent
>> CI additions (address sanitizer etc.).
>>
>> The psql situation in this patch is temporary: It still has the \gencr
>> command from previous versions, but I plan to fold this into the new
>> \bind command.
>
> I made a bit of progress with this now, based on recent reviews:
>
> - Cleaned up the libpq API.  PQexecParams() now supports column
> encryption transparently.
> - psql \bind can be used; \gencr is removed.
> - Added psql \dcek and \dcmk commands.
> - ALTER COLUMN MASTER KEY to alter realm.

And another update. The main changes are that I added an 'unspecified'
CMK algorithm, which indicates that the external KMS knows what it is
but the database system doesn't. This was discussed a while ago. I
also changed some details about how the "cmklookup" works in libpq.
Also added more code comments and documentation and rearranged some code.

According to my local todo list, this patch is now complete.