Re: Internal key management system

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: Internal key management system
Дата
Msg-id 20200319163840.GF2571@momjian.us
обсуждение исходный текст
Ответ на Re: Internal key management system  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
Ответы Re: Internal key management system  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
Список pgsql-hackers
Дерево обсуждения 
On Fri, Mar 20, 2020 at 12:50:27AM +0900, Masahiko Sawada wrote:
> On Fri, Mar 20, 2020 at 0:35 Bruce Momjian <bruce@momjian.us> wrote:
>     Well, the issue is if the user can control the user key, there is might be
>     a way to make the user key do nothing.
> 
> Well I meant ‘USER_KEY:’ is a fixed length string for the key used for wrap and
> unwrap SQL interface functions. So user cannot control it. We will have another
> key derived by, for example, HKDF(MK, ‘TDE_KEY:’ || system_identifier) for
> block encryption.

OK, yes, something liek that might make sense.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Pengzhou Tang
Дата:
Сообщение: Re: Parallel grouping sets
Следующее
От: Andreas Karlsson
Дата:
Сообщение: Re: Unicode normalization SQL functions