From: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
---|---|
To: | vignesh C <vignesh21(at)gmail(dot)com> |
Cc: | Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: Moving forward with TDE [PATCH v3] |
Date: | 2023-10-31 21:23:17 |
Message-ID: | CAOxo6XLac9KL7UrfQr5+xfKgrSa==F_AghNbUkTA8ivYiYvjvQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Greetings,
I am including an updated version of this patch series; it has been rebased
onto 6ec62b7799 and reworked somewhat.
The patches are as follows:
0001 - doc updates
0002 - Basic key management and cipher support
0003 - Backend-related changes to support heap encryption
0004 - modifications to bin tools and programs to manage key rotation and
add other knowledge
0005 - Encrypted/authenticated WAL
These are very broad strokes at this point and should be split up a bit
more to make things more granular and easier to review, but I wanted to get
this update out.
Of note, the encryption supported in this release as exposed to the
heap-level is AES-XTS-128 and AES-XTS-256; there is built-in support for
CTR and GCM, however based on other discussions related how to store the
additional authenticated data on the page, GCM has been removed from
the list of supported ciphers. This could certainly be enabled in the
future, however the other pieces that this patchset provides would enable
TDE without the additional block size/storage concerns.
Best,
David
Attachment | Content-Type | Size |
---|---|---|
v3-0001-TDE-doc-updates.patch | application/octet-stream | 32.9 KB |
v3-0002-Basic-key-management-and-cipher-support.patch | application/octet-stream | 37.4 KB |
v3-0005-Add-encrypted-authenticated-WAL.patch | application/octet-stream | 34.1 KB |
v3-0004-bin-tools-and-programs.patch | application/octet-stream | 51.3 KB |
v3-0003-Backend-related-changes.patch | application/octet-stream | 232.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2023-10-31 21:30:18 | Re: Moving forward with TDE [PATCH v3] |
Previous Message | Bruce Momjian | 2023-10-31 21:16:56 | Re: Question about non-blocking mode in libpq |