On 7/8/19 10:19 AM, Bruce Momjian wrote:
> When people are asking for multiple keys (not just for key rotation),
> they are asking to have multiple keys that can be supplied by users only
> when they need to access the data. Yes, the keys are always in the
> datbase, but the feature request is that they are only unlocked when the
> user needs to access the data. Obviously, that will not work for
> autovacuum when the encryption is at the block level.
> If the key is always unlocked, there is questionable security value of
> having multiple keys, beyond key rotation.
That is not true. Having multiple keys also allows you to reduce the
amount of data encrypted with a single key, which is desirable because:
1. It makes cryptanalysis more difficult
2. Puts less data at risk if someone gets "lucky" in doing brute force
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development