Re: Internal key management system - Mailing list pgsql-hackers
| From | Masahiko Sawada |
|---|---|
| Subject | Re: Internal key management system |
| Date | |
| Msg-id | CA+fd4k6WYdL7HX1w_J8C6s0xgRFES8X4kGDasHmy6NeKLXHpkQ@mail.gmail.com Whole thread Raw |
| In response to | Re: Internal key management system (Bruce Momjian <bruce.momjian@enterprisedb.com>) |
| Responses |
Re: Internal key management system
(Bruce Momjian <bruce.momjian@enterprisedb.com>)
|
| List | pgsql-hackers |
On Thu, 12 Mar 2020 at 08:13, Bruce Momjian <bruce.momjian@enterprisedb.com> wrote: > > On Fri, Mar 6, 2020 at 03:31:00PM +0900, Masahiko Sawada wrote: > > On Fri, 6 Mar 2020 at 15:25, Moon, Insung <tsukiwamoon.pgsql@gmail.com> wrote: > > > > > > Dear Sawada-san > > > > > > I don't know if my environment or email system is weird, but the V5 > > > patch file is only include simply a changed list. > > > and previous V4 patch file size was 64kb, but the v5 patch file size was 2kb. > > > Can you check it? > > > > > > > Thank you! I'd attached wrong file. > > Looking at this thread, I wanted to make a few comments: > > Everyone seems to think pgcrypto need some maintenance. Who would like > to take on that task? > > This feature does require openssl since all the encryption/decryption > happen via openssl function calls. > > Three are three levels of encrypt here: > > 1. The master key generated during initdb > > 2. The passphrase to unlock the master key at boot time. Is that > optional or required? The passphrase is required if the internal kms is enabled during initdb. Currently hashing the passphrase is also required but it could be optional. Even if we make hashing optional, we still require openssl to wrap and unwrap. > > 3. The wrap/unwrap key, which can be per-user/application/cluster > > In the patch, the doc heading "Cluster Encryption Key Rotation" seems > confusing. Doesn't that change the pass phrase? Why refer to it as the > cluster encryption key here? Agreed, changed to "Changing Cluster Passphrase". > > Could the wrap functions expose the master encryption key by passing in > empty string or null? Currently the wrap function returns NULL if null is passed, and doesn't expose the master encryption key even if empty string is passed because we add random IV for each wrapping. > I wonder if we should create a derived key from > the master key to use for pg_wrap/pg_unwrap, maybe by appending a fixed > string to all strings supplied to these functions. We could create > another derived key for use in block-level encryption, so we are sure > the two key spaces would never overlap. Currently the master key is 32 bytes but you mean to add fixed string to the master key to derive a new key? > > pgcryptokey shows a method for creating a secret between client and > server using SQL that does not expose the secret in the server logs: > > https://momjian.us/download/pgcryptokey/ > > I assume we will create a 256-bit key for the master key, but give users > an option of 128-bit vs 256-bit keys for block-level encryption. > 256-bit keys are considered necessary for security against future > quantum computing attacks. 256-bit keys are more weaker than 128-bit key in terms of quantum computing attacks? > > This looks like a bug in the patch: > > - This parameter can only be set in the <filename>postgresql.conf</filename> > + This parameter can only be set in the <filename>postgresql.confo</filename> Fixed. Regards, -- Masahiko Sawada http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
pgsql-hackers by date: