Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Tomas Vondra <tomas.vondra@2ndquadrant.com>
From: Tomas Vondra <tomas.vondra@2ndquadrant.com>
To: Bruce Momjian <bruce@momjian.us>
Cc: Stephen Frost <sfrost@snowman.net>, Joe Conway <mail@joeconway.com>, Masahiko Sawada <sawada.mshk@gmail.com>, Robert Haas <robertmhaas@gmail.com>, Antonin Houska <ah@cybertec.at>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-07-08T19:47:33Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Mon, Jul 08, 2019 at 12:16:04PM -0400, Bruce Momjian wrote: > > ... > >Anyway, I will to research the reasonable data size that can be secured >with a single key via AES. I will look at how PGP encrypts large files >too. > IMO there are various recommendations about this, for example from NIST. But it varies on the exact encryption mode (say, GCM, XTS, ...) and the recommendations are not "per key" but "per key + nonce" etc. IANAC but my understanding is if we use e.g. "OID + blocknum" as nonce, then we should be pretty safe. regards -- Tomas Vondra http://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services