Re: Transparent column encryption
From | Frédéric Yhuel |
---|---|
Subject | Re: Transparent column encryption |
Date | |
Msg-id | 0ec3a98a-6347-4a40-c135-3b9cf3847d25@dalibo.com |
In reply to | Re: Transparent column encryption (Jehan-Guillaume de Rorthais <jgdr@dalibo.com>) |
List | pgsql-hackers |
Hi,

Here are a few more things I noticed:

If a CEK is encrypted with cmk1 and cmk2, but cmk1 isn't found on the client, the following error is printed twice for the very first SELECT statement:

    could not open file "/path/to/cmk1.pem": No such file or directory

...and nothing is returned. The next queries in the same session would work correctly (cmk2 is used for the decryption of the CEK). An INSERT statement is handled properly, though: one (and only one) error message, and the line is actually inserted in all cases. For example:

    postgres=# SELECT * FROM customers ;
    could not open file "/path/to/cmk1.pem": No such file or directory
    could not open file "/path/to/cmk1.pem": No such file or directory
    postgres=# SELECT * FROM customers ;
     id | name  | creditcard_num
    ----+-------+-----------------
      1 | toto  | 546843351354245
      2 | babar | 546843351354245

    <close and open new psql session>

    postgres=# INSERT INTO customers (id, name, creditcard_num) VALUES ($1, $2, $3) \gencr '3' 'toto' '546888351354245';
    could not open file "/path/to/cmk1.pem": No such file or directory
    INSERT 0 1
    postgres=# SELECT * FROM customers ;
     id | name  | creditcard_num
    ----+-------+-----------------
      1 | toto  | 546843351354245
      2 | babar | 546843351354245
      3 | toto  | 546888351354245

From the documentation of CREATE COLUMN MASTER KEY, it looks like the REALM is optional, but both

    CREATE COLUMN MASTER KEY cmk1;

and

    CREATE COLUMN MASTER KEY cmk1 WITH ();

return a syntax error.

About AEAD, the documentation says:

> The "associated data" in these algorithms consists of 4 bytes: The ASCII letters P and G (byte values 80 and 71), followed by the algorithm ID as a 16-bit unsigned integer in network byte order.

My guess is that it serves no real purpose, did I misunderstand?
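The associated-data format quoted in the mail above, as an added example that is not code from the patch or from anyone in the thread: the 4 bytes are fed to the AEAD as associated data, so the algorithm ID is covered by the authentication tag and a ciphertext presented under a different algorithm ID fails to decrypt. AES-GCM as the AEAD, the all-zero 32-byte key and the algorithm ID values 1 and 2 are assumptions made here for illustration; the patch's actual cipher suites and ID assignments are not on this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// associatedData builds the 4-byte AEAD associated data quoted in the mail:
// ASCII "PG", then the algorithm ID as a 16-bit unsigned big-endian integer.
func associatedData(algID uint16) []byte {
	return []byte{'P', 'G', byte(algID >> 8), byte(algID)}
}

// newGCM wraps AES-GCM, assumed here as the AEAD purely for illustration.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and prepends a random nonce. The algorithm ID is not
// stored; it enters only via the associated data and so is covered by the tag.
func seal(key []byte, algID uint16, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, associatedData(algID)), nil
}

// open reverses seal; a different algorithm ID changes the associated data, so the tag check fails.
func open(key []byte, algID uint16, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ciphertext[:ns], ciphertext[ns:], associatedData(algID))
}
```

A row sealed as algorithm 1 and later opened by a client that believes the column uses algorithm 2 is rejected outright rather than decrypted with the wrong parameters, which is what the otherwise constant-looking prefix buys.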