On Mon, Jul 18, 2022 at 12:53:23PM +0200, Peter Eisentraut wrote:
> Asymmetric keys gives you some more options for how you set up the keys at
> the beginning. For example, you create the asymmetric key pair on the host
> where your client program that wants access to the encrypted data will run.
> You put the private key in an appropriate location for run time. You send
> the public key to another host. On that other host, you create the CEK,
> encrypt it with the CMK, and then upload it into the server (CREATE COLUMN
> ENCRYPTION KEY). Then you can wipe that second host. That way, you can be
> even more sure that the unencrypted CEK isn't left anywhere. I'm not sure
> whether this method is very useful in practice, but it's interesting.
>
> In any case, as I mentioned above, this particular aspect is up for
> discussion.
I caution against adding complexity without a good reason, because
historically complexity often leads to exploits and bugs, especially
with crypto.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson