Re: Transparent column encryption

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Transparent column encryption
Date: 2022-12-21 05:46:51
Message-ID: d9dd3634-6154-b0b7-f3a9-0d86dad7b8ff@enterprisedb.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 28.11.22 15:05, Peter Eisentraut wrote:
> On 23.11.22 19:39, Peter Eisentraut wrote:
>> Here is another updated patch.  Some preliminary work was committed,
>> which allowed this patch to get a bit smaller.  I have incorporated
>> some recent reviews, and also fixed some issues pointed out by recent
>> CI additions (address sanitizer etc.).
>>
>> The psql situation in this patch is temporary: It still has the \gencr
>> command from previous versions, but I plan to fold this into the new
>> \bind command.
>
> I made a bit of progress with this now, based on recent reviews:
>
> - Cleaned up the libpq API.  PQexecParams() now supports column
> encryption transparently.
> - psql \bind can be used; \gencr is removed.
> - Added psql \dcek and \dcmk commands.
> - ALTER COLUMN MASTER KEY to alter realm.

And another update. The main changes are that I added an 'unspecified'
CMK algorithm, which indicates that the external KMS knows what it is
but the database system doesn't. This was discussed a while ago. I
also changed some details about how the "cmklookup" works in libpq.
Also added more code comments and documentation and rearranged some code.

According to my local todo list, this patch is now complete.

Attachment Content-Type Size
v13-0001-Transparent-column-encryption.patch text/plain 384.9 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Hayato Kuroda (Fujitsu) 2022-12-21 05:55:41 RE: Force streaming every change in logical decoding
Previous Message Bharath Rupireddy 2022-12-21 05:39:01 Re: Add LSN along with offset to error messages reported for WAL file read/write/validate header failures