Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Masahiko Sawada <sawada.mshk@gmail.com>
From: Masahiko Sawada <sawada.mshk@gmail.com>
To: Sehrope Sarkuni <sehrope@jackdb.com>
Cc: "Jonathan S. Katz" <jkatz@postgresql.org>,
Bruce Momjian <bruce@momjian.us>, Joe Conway <mail@joeconway.com>, Antonin Houska <ah@cybertec.at>,
Stephen Frost <sfrost@snowman.net>, Tomas Vondra <tomas.vondra@2ndquadrant.com>,
Robert Haas <robertmhaas@gmail.com>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon,
Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-07-29T10:39:49Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Mon, Jul 29, 2019 at 7:17 PM Sehrope Sarkuni <sehrope@jackdb.com> wrote: > > On Mon, Jul 29, 2019 at 4:39 AM Masahiko Sawada <sawada.mshk@gmail.com> wrote: > > After more thoughts, I'm confused why we need to have MDEK. We can use > > KEK derived from passphrase and TDEK and WDEK that are derived from > > KEK. That way, we don't need store any key in database file. What is > > the advantage of 3-tier key architecture? > > The separate MDEK serves a couple purposes: > > 1. Allows for rotating the passphrase without actually changing any of > the downstream derived keys. > 2. Verification that the passphrase itself is correct by checking if > it can unlock and authenticate (via a MAC) the MDEK. > 3. Ensures it's generated from a strong random source (ex: /dev/urandom). > > If the MDEK was directly derived via a deterministic function of the > passphrase, then that passphrase could never change as all your > derived keys would also change (and thus could not be decrypt their > existing data). The encrypted MDEK provides a level of indirection for > passphrase rotation. Understood. Thank you for explanation! > > An argument could be made to push that problem upstream, i.e. let the > supplier of the passphrase deal with the indirection. You would still > need to verify the supplied passphrase/key is correct via something > like authenticating against a stored MAC. So do we need the key for MAC of passphrase/key in order to verify? Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center