Re: Proposed patch for key management
| From | Alastair Turner |
|---|---|
| Subject | Re: Proposed patch for key management |
| Date | |
| Msg-id | CAC0GmywLRCqOKOKHPcQESQw2cjP+n99T4rY+iYvqfwOCSaUxjg@mail.gmail.com |
| In reply to | Re: Proposed patch for key management (Bruce Momjian <bruce@momjian.us>) |
| List | pgsql-hackers |
On Mon, 4 Jan 2021 at 17:56, Bruce Momjian <bruce@momjian.us> wrote:
>
> On Sat, Jan 2, 2021 at 12:47:19PM +0000, Alastair Turner wrote:
> >
> > There is also a further validation task - probably beyond the scope of
> > the key management patch and into the encryption patch[es] territory -
> > checking that the keys supplied are the same keys in use for the data
> > currently on disk. It feels to me like this should be done at startup,
> > rather than as each file is accessed, which could make startup quite
> > slow if there are a lot of keys with narrow scope.
>
> We do that already on startup by using GCM to validate the KEK when
> encrypting each DEK.
>

Which validates two things - that the KEK is the same one which was used to
encrypt the DEKs (instead of returning garbage plaintext when given a garbage
key), and that the DEKs have not been tampered with at rest. What it does not
check is that the DEKs are the keys used to encrypt the data, that one has not
been copied or restored independent of the other.