Re: Proposed patch for key managment - Mailing list pgsql-hackers

From Fabien COELHO
Subject Re: Proposed patch for key managment
Date
Msg-id alpine.DEB.2.22.394.2012311111380.3573723@pseudo
Whole thread Raw
In response to Re: Proposed patch for key managment  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Proposed patch for key managment
List pgsql-hackers
Hello Stephen,

>> The implementations should not have to be in any particular language: Shell,
>> Perl, Python, C should be possible.
>
> I disagree that it makes any sense to pass actual encryption out to a
> shell script.

Yes, sure. I'm talking about key management. For actual crypto functions, 
ISTM that they should be "replaceable", i.e. if some institution does not 
believe in AES then they could switch to something else.

>> After giving it more thought during the day, I think that only one
>> command and a basic protocol is needed. Maybe something as simple as
>>
>>   /path/to/command --options arguments…
>
> This is what's proposed- a command is run to acquire the KEK (as a hex
> encoded set of bytes, making it possible to use a shell script, which is
> what the patch does too).

Yep, but that is not what I'm trying to advocate. The "KEK" (if any), 
would stay in the process, not be given back to the database or command 
using it. Then the database/tool would interact with the command to get 
the actual per-file keys when needed.

> [...] The API to fetch the KEK doesn't care at all about where it's 
> stored or how it's derived or anything like that.

> There's a relatively small change which could be made to have PG request 
> all of the keys that it'll need on startup, if we want to go there as 
> has been suggested elsewhere, but even if we do that, PG needs to be 
> able to do that itself too, otherwise it's not a complete capability and 
> there seems little point in doing something that's just a pass-thru to 
> something else and isn't able to really be used.

I do not understand. Postgres should provide a working implementation, 
whether the functions are directly inside pg or though an external 
process, they need to be there anyway. I'm trying to fix a clean, possibly 
external API so that it is possible to have something different from the 
choices made in the patch.

-- 
Fabien.

pgsql-hackers by date:

Previous
From: Etsuro Fujita
Date:
Subject: Re: Asynchronous Append on postgres_fdw nodes.
Next
From: Fabien COELHO
Date:
Subject: Re: Proposed patch for key managment