Re: Internal key management system
| От | Bruce Momjian |
|---|---|
| Тема | Re: Internal key management system |
| Дата | |
| Msg-id | 20201016202437.GA28789@momjian.us обсуждение исходный текст |
| Ответ на | Re: Internal key management system (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>) |
| Ответы |
Re: Internal key management system
Re: Internal key management system |
| Список | pgsql-hackers |
On Fri, Jul 31, 2020 at 04:06:38PM +0900, Masahiko Sawada wrote: > > Given that the purpose of the key manager is to help TDE, discussing > > the SQL interface part (i.g., the second patch) deviates from the > > original purpose. I think we should discuss the design and > > implementation of the key manager first and then other additional > > interfaces. So I’ve attached a new version patch and removed the > > second patch part so that we can focus on only the key manager part. > > > > Since the previous patch sets conflicts with the current HEAD, I've > attached the rebased patch set. I have updated the attached patch and am hoping to move this feature forward. The changes I made are: * handle merge conflicts * changed ssl initialization to match other places in our code * changed StrNCpy() to strlcpy * update the docs The first three were needed to get it to compile. I then ran some tests using the attached shell script as my password script. First, I found that initdb called the script twice. The first call worked fine, but the second call would accept a password that didn't match the first call. This is because there are no keys defined, so there is nothing for kmgr_verify_passphrase() to check for passkey verification, so it just succeeds. In fact, I can't figure out how to create any keys with the patch, and pg_encrypt() is documented, but not defined anywhere. Second, in testing starting/stopping the server, pg_ctl doesn't allow the cluster_passphrase_command to read from /dev/tty, which I think is a requirement because the command could likely require a user-supplied unlock key, even if that is not the actual passphrase, just like ssl keys. This is because pg_ctl calls setsid() just before calling execl() to start the server, and setsid() disassociates itself from the controlling terminal. I think the fix is to remove setsid() from pg_ctl and add a postmaster flag to call setsid() after it has potentially called cluster_passphrase_command, and pg_ctl would use that flag. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee
Вложения
В списке pgsql-hackers по дате отправления: