Hi Masahiko,

> Let me briefly explain the current design I'm thinking of. The design employs 
> a 2-tier key architecture. That is, a database cluster has one
> master key and per-tablespace keys, which are encrypted with the master key 
> before being stored to disk. Each tablespace key is generated
> randomly inside the database at CREATE TABLESPACE. All the encrypted tablespace 
> keys are stored together with the master key ID in a
> file (say, $PGDATA/base/pg_tblsp_keys). That way, the startup process can 
> easily get all tablespace keys and the master key ID before
> starting recovery, and therefore can get all the decrypted tablespace keys.

Your design idea sounds very similar to the current Fujitsu Enterprise Postgres 
(FEP) implementation of TDE.

FEP uses a master encryption key (MEK) for the database cluster. This MEK is 
stored in a file at some GUC variable location. This file is encrypted using a 
“passphrase” known only to the administrator.

There are also per-tablespace keys, which are randomly generated at the time of 
CREATE TABLESPACE and stored in files. There is one tablespace key file per 
tablespace. These tablespace key files are encrypted by the MEK and stored at 
the location specified by CREATE TABLESPACE.

Not all tablespaces use TDE. An FEP extension of the CREATE TABLESPACE syntax 
creates the tablespace key file only when encryption was requested, e.g.:

  CREATE TABLESPACE my_secure_tablespace LOCATION 
  '/home/postgre/FEP/TESTING/tablespacedir' WITH (tablespace_encryption_algorithm 
  = 'AES256');

The MEK is not currently obtained from a third party. It is randomly generated 
when the master key file is first created, by another added function, e.g.:

  select pgx_set_master_key('passphrase');

Kind Regards,
Peter Smith
Fujitsu Australia
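The two-tier key hierarchy described in both messages (passphrase-protected master key, per-tablespace keys wrapped by the master key, master key ID recorded with the wrapped keys so the startup process can pair files with the right master key) as a worked example in Go. This is an added illustration, not FEP's or PostgreSQL's code: the file layouts, the choice of AES-256-GCM for wrapping, a hand-written single-block PBKDF2-HMAC-SHA256 for the passphrase, a random 8-byte MEK identifier, and the use of the tablespace name plus MEK ID as associated data are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const keyLen, kdfRounds = 32, 100000 // AES-256 key size; PBKDF2 iterations (illustrative value)
// MasterKeyFile models the passphrase-protected master key file: MEK identifier (not secret), KDF salt, wrapped MEK.
type MasterKeyFile struct{ MEKID, Salt, Wrapped []byte }
// TablespaceKeyFile models the per-tablespace key file written at CREATE TABLESPACE (assumed layout).
type TablespaceKeyFile struct{ Tablespace string; MEKID, Wrapped []byte }

// pbkdf2SHA256 is single-block PBKDF2-HMAC-SHA256 (32 bytes out), hand-written to stay on the standard library.
func pbkdf2SHA256(passphrase, salt []byte, rounds int) []byte {
	mac := hmac.New(sha256.New, passphrase)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < rounds; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a wrong key length
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return g
}

// wrap encrypts key under wrappingKey with AES-256-GCM; aad is authenticated, so a relabelled file fails the tag check.
func wrap(wrappingKey, key, aad []byte) []byte {
	g := gcm(wrappingKey)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, key, aad) // output is nonce || ciphertext || tag
}

func unwrap(wrappingKey, wrapped, aad []byte) ([]byte, error) {
	g := gcm(wrappingKey)
	if len(wrapped) < g.NonceSize() {
		return nil, fmt.Errorf("wrapped key too short")
	}
	return g.Open(nil, wrapped[:g.NonceSize()], wrapped[g.NonceSize():], aad)
}

// SetMasterKey plays the role of pgx_set_master_key: a random MEK, stored under a passphrase-derived key.
func SetMasterKey(passphrase string) MasterKeyFile {
	mek, salt, id := randomBytes(keyLen), randomBytes(16), randomBytes(8)
	kek := pbkdf2SHA256([]byte(passphrase), salt, kdfRounds)
	return MasterKeyFile{MEKID: id, Salt: salt, Wrapped: wrap(kek, mek, id)}
}

// UnlockMasterKey recovers the plaintext MEK; a wrong passphrase fails the GCM tag check.
func UnlockMasterKey(f MasterKeyFile, passphrase string) ([]byte, error) {
	return unwrap(pbkdf2SHA256([]byte(passphrase), f.Salt, kdfRounds), f.Wrapped, f.MEKID)
}

// CreateTablespaceKey generates the random per-tablespace key and wraps it under the MEK, binding name and MEK ID as AAD.
func CreateTablespaceKey(mek, mekID []byte, tablespace string) TablespaceKeyFile {
	aad := append([]byte(tablespace+"\x00"), mekID...)
	return TablespaceKeyFile{tablespace, mekID, wrap(mek, randomBytes(keyLen), aad)}
}

// OpenTablespaceKey is the startup step: confirm the file was wrapped by the MEK in hand, then unwrap.
func OpenTablespaceKey(mek, mekID []byte, f TablespaceKeyFile) ([]byte, error) {
	if string(f.MEKID) != string(mekID) {
		return nil, fmt.Errorf("tablespace key file belongs to master key %x, not %x", f.MEKID, mekID)
	}
	return unwrap(mek, f.Wrapped, append([]byte(f.Tablespace+"\x00"), mekID...))
}

func main() {
	mkf := SetMasterKey("passphrase")
	mek, _ := UnlockMasterKey(mkf, "passphrase") // demo only; real callers check err
	tsf := CreateTablespaceKey(mek, mkf.MEKID, "my_secure_tablespace")
	_, err := OpenTablespaceKey(mek, mkf.MEKID, tsf)
	fmt.Println("tablespace key unwrapped at startup:", err == nil)
}
```

The point of the MEK ID in the tablespace key file is the early check in OpenTablespaceKey: at startup the server can tell "this file was wrapped by a master key I do not have" apart from "this file is corrupt or tampered", which otherwise both surface as a failed authentication tag. Binding the tablespace name into the AAD means a key file copied from one tablespace directory to another is rejected rather than silently decrypting the wrong data.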