On Tue, Jun 13, 2017 at 11:04:21AM -0400, Stephen Frost wrote:
> > Also, in the use case you describe, if you use pg_basebackup to make a
> > direct encrypted copy of a data directory, I think that would mean you'd
> > have to keep using the same key for all copies.
>
> That's true, but that might be acceptable and possibly even desirable in
> certain cases. On the other hand, it would certainly be a useful
> feature to have a way to migrate from one key to another. Perhaps that
> would start out as an off-line tool, but maybe we'd be able to work out
> a way to support having it done on-line in the future (certainly
> non-trivial, but if we supported multiple keys concurrently with a
> preference for which key is used to write data back out, and required
> that checksums be in place to allow us to test if decrypting with a
> specific key worked ... lots more hand-waving here... ).
As I understand it, having encryption in the database means the key is
stored in the database, while having encryption in the file system means
the key is stored in the operating system somewhere. Of course, if the
key stored in the database is visible to someone using the operating
system, we really haven't added much/any security --- I guess my point
is that the OS easily can hide the key from the database, but the
database can't easily hide the key from the operating system.
Of course, if the storage is split from the database server then having
the key on the database server seems like a win. However, I think a db
server could easily encrypt blocks before sending them to the SAN
server. This would not work for NAS, of course, since it is file-based.
I have to admit we tend to avoid heavy-API solutions that are designed
just to work around deployment challenges. Commercial databases are
fine in doing that, but it leads to very complex products.
I think the larger issue is where to store the key. I would love for us
to come up with a unified solution to that and then build encryption on
that, including all-cluster encryption.
One cool idea I have is using public encryption to store the encryption
key by users who don't know the decryption key, e.g. RSA. It would be a
write-only encryption option. Not sure how useful that is, but it
easily possible, and doesn't require us to keep the _encryption_ key
secret, just the decryption one.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +