Re: Internal key management system

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: Internal key management system
Дата
Msg-id 20200311231344.GA21323@momjian.us
обсуждение исходный текст
Ответ на Re: Internal key management system  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
Ответы Re: Internal key management system  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
Список pgsql-hackers
Дерево обсуждения 
On Fri, Mar  6, 2020 at 03:31:00PM +0900, Masahiko Sawada wrote:
> On Fri, 6 Mar 2020 at 15:25, Moon, Insung <tsukiwamoon.pgsql@gmail.com> wrote:
> >
> > Dear Sawada-san
> >
> > I don't know if my environment or email system is weird, but the V5
> > patch file is only include simply a changed list.
> > and previous V4 patch file size was 64kb, but the v5 patch file size was 2kb.
> > Can you check it?
> >
> 
> Thank you! I'd attached wrong file.

Looking at this thread, I wanted to make a few comments:

Everyone seems to think pgcrypto need some maintenance.  Who would like
to take on that task?

This feature does require openssl since all the encryption/decryption
happen via openssl function calls.

Three are three levels of encrypt here:

1.  The master key generated during initdb

2.  The passphrase to unlock the master key at boot time.  Is that
optional or required? 

3.  The wrap/unwrap key, which can be per-user/application/cluster

In the patch, the doc heading "Cluster Encryption Key Rotation" seems
confusing.  Doesn't that change the pass phrase?  Why refer to it as the
cluster encryption key here?

Could the wrap functions expose the master encryption key by passing in
empty string or null?  I wonder if we should create a derived key from
the master key to use for pg_wrap/pg_unwrap, maybe by appending a fixed
string to all strings supplied to these functions.  We could create
another derived key for use in block-level encryption, so we are sure
the two key spaces would never overlap.

pgcryptokey shows a method for creating a secret between client and
server using SQL that does not expose the secret in the server logs:

    https://momjian.us/download/pgcryptokey/

I assume we will create a 256-bit key for the master key, but give users
an option of  128-bit vs 256-bit keys for block-level encryption. 
256-bit keys are considered necessary for security against future
quantum computing attacks.

This looks like a bug in the patch:

-        This parameter can only be set in the <filename>postgresql.conf</filename>
+        This parameter can only be set in the <filename>postgresql.confo</filename>

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Nikita Glukhov
Дата:
Сообщение: Re: SQL/JSON: functions
Следующее
От: Paul A Jungwirth
Дата:
Сообщение: Re: SQL:2011 PERIODS vs Postgres Ranges?