Home > mailing lists

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

From	Ryan Lambert
Subject	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Date	July 10, 2019 05:02:46
Msg-id	CAN-V+g-CZoHnVGyySCZUVNDFAE4tQU9ak-b9U8aQTAnHEejrHQ@mail.gmail.com Whole thread Raw
In response to	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
List	pgsql-hackers

Tree view

> What I think Tomas is getting at here is that we don't write a page only
> once.

> A nonce of tableoid+pagenum will only be unique the first time we write
> out that page. Seems unlikely that we're only going to be writing these
> pages once though- what we need is a nonce that's unique for *every
> write* of the 8k page, isn't it? As every write of the page is going to
> be encrypting something new.

> With sufficient randomness, we can at least be more likely to have a
> unique nonce for each 8K write. Including the LSN seems like it'd be a
> possible alternative.

Agreed. I know little of the inner details about the LSN but what I read in [1] sounds encouraging in addition to tableoid + pagenum.

[1] https://www.postgresql.org/docs/current/datatype-pg-lsn.html

Ryan Lambert

pgsql-hackers by date:

From: "David G. Johnston"
Date: 10 July 2019, 03:58:40
Subject: Re: Extending PostgreSQL with a Domain-Specific Language (DSL) - Development

From: Stephen Frost
Date: 10 July 2019, 05:06:33
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

Previous

Next