From: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
Subject: | Re: Key management with tests |
Date: | 2021-01-11 11:12:00 |
Message-ID: | CAD21AoDOWmNwg4Tqc4JxuXXD0KYkHPhCeG=pHRO3NGDr3tryNQ@mail.gmail.com |
Lists: | pgsql-hackers |
On Sun, Jan 10, 2021 at 11:51 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> On Sun, Jan 10, 2021 at 06:04:12PM +1300, Thomas Munro wrote:
> > On Sun, Jan 10, 2021 at 3:45 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > > Does anyone know why the cfbot applied the patch listed second first
> > > here?
> > >
> > > http://cfbot.cputube.org/patch_31_2925.log
> > >
> > > Specifically, it applied hex..key.diff.gz before hex.diff.gz. I assumed
> > > it would apply attachments in the order they appear in the email.
> >
> > It sorts the filenames (in this case after decompressing step removes
> > the .gz endings). That works pretty well for the patches that "git
> > format-patch" spits out, but it's a bit hit and miss with cases like
> > yours.
>
> OK, here they are with numeric prefixes. It was actually tricky to
> figure out how to create a squashed format-patch based on another branch.
>
Thank you for attaching the patches. It passes all cfbot tests, great.
Looking at the patch, it supports three algorithms but only
PG_CIPHER_AES_KWP is used in the core for now:
+/*
+ * Supported symmetric encryption algorithm. These identifiers are passed
+ * to pg_cipher_ctx_create() function, and then actual encryption
+ * implementations need to initialize their context of the given encryption
+ * algorithm.
+ */
+#define PG_CIPHER_AES_GCM 0
+#define PG_CIPHER_AES_KW 1
+#define PG_CIPHER_AES_KWP 2
+#define PG_MAX_CIPHER_ID 3
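Review bot: `PG_MAX_CIPHER_ID` on the last line is defined as 3 while the highest identifier defined above it is 2 (`PG_CIPHER_AES_KWP`), so the name reads as the largest valid id but the value is one past it. Either rename it to say it is a count, or state in the comment that it is an exclusive upper bound, so that range checks on the id passed to pg_cipher_ctx_create() consistently use `<` rather than `<=`. The comment also says "algorithm" in the singular for a list of three, and it would help to note there which identifiers are key-wrap modes (`PG_CIPHER_AES_KW`, `PG_CIPHER_AES_KWP`) and which is for general data (`PG_CIPHER_AES_GCM`).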
Are we in the process of experimenting which algorithms are better? If
we support one algorithm that is actually used in the core, we would
reduce the tests as well.
FWIW, I've written a PoC patch for buffer encryption to make sure the
kms patch would be workable with other components using the encryption
key managed by kmgr.
Overall it’s good. While the buffer encryption patch is still PoC
quality and there are some problems regarding nonce generation we need
to deal with, it easily can use the relation key managed by the kmgr
to encrypt/decrypt buffers.
Regards,
--
Masahiko Sawada
EnterpriseDB: https://www.enterprisedb.com/
Attachment | Content-Type | Size |
---|---|---|
0003-Poc-buffer-encryption.patch | application/octet-stream | 23.6 KB |