On Fri, Mar 20, 2020 at 0:35 Bruce Momjian <bruce@momjian.us> wrote:
On Thu, Mar 19, 2020 at 11:42:36PM +0900, Masahiko Sawada wrote: > On Thu, 19 Mar 2020 at 22:00, Bruce Momjian <bruce@momjian.us> wrote: > > > > On Thu, Mar 19, 2020 at 06:32:57PM +0900, Masahiko Sawada wrote: > > > On Thu, 19 Mar 2020 at 15:59, Masahiko Sawada > > > > I understand that your idea is to include fixed length string to the > > > > 256 bit key in order to separate key space. But if we do that, I think > > > > that the key strength would actually be the same as the strength of > > > > weaker key length, depending on how we have the fixed string. I think > > > > if we want to have multiple key spaces, we need to derive keys from the > > > > master key using KDF. > > > > > > Or we can simply generate a different encryption key for block > > > encryption. Therefore we will end up with having two encryption keys > > > inside database. Maybe we can discuss this after the key manager has > > > been introduced. > > > > I know Sehrope liked derived keys so let's get his feedback on this. We > > might want to have two keys anyway for key rotation purposes. > > > > Agreed. Maybe we can derive a key for the use of wrap and unwrap SQL > interface by like HKDF(MK, 'USER_KEY:') or HKDF(KM, 'USER_KEY:' || > system_identifier).
Well, the issue is if the user can control the user key, there is might be a way to make the user key do nothing.
Well I meant ‘USER_KEY:’ is a fixed length string for the key used for wrap and unwrap SQL interface functions. So user cannot control it. We will have another key derived by, for example, HKDF(MK, ‘TDE_KEY:’ || system_identifier) for block encryption.
