Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oSzby-0001Ah-PT for pgsql-hackers@arkaria.postgresql.org; Tue, 30 Aug 2022 11:40:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1oSzbx-0001iP-Jx for pgsql-hackers@arkaria.postgresql.org; Tue, 30 Aug 2022 11:40:53 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oSzbx-0001iG-Af for pgsql-hackers@lists.postgresql.org; Tue, 30 Aug 2022 11:40:53 +0000 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oSzbr-0007HO-3F for pgsql-hackers@postgresql.org; Tue, 30 Aug 2022 11:40:52 +0000 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id EDB65320098F; Tue, 30 Aug 2022 07:40:44 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 30 Aug 2022 07:40:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1661859644; x= 1661946044; bh=UV2uSn3Fg9n3GDfsb2mj7q38xaRpjp6pSSemisqyZTw=; b=W Mq1DJYcr7d222iSfvTtmFAyWem/Y45OAlRGUkwDLzkJbSKMt5Z9S+baXFrYQQRlH nnaCBl97I0bJzRsDL8lZ7WHOH8G9UVeMCtZR4EvQiywTGK2Z0j6HgtcGOJDprULy 7LTOO5vNEST1O2tcHYnyXvzk3HUZzJHwrTKvfP8BTbRqspTOe57DHh9CAviyaf/v 1MMGCExZkPHB45vmfTOXHpo7syT40bcRDdSLd704/oRoFRgc/wz3QZKg8Sr659WI Hkgse1+oBnadZtartYs8EBQ4CEvNGgb+CWT62NRWfMO6l9ldveV8cmd8PJbZ1jvh FLhpDrozZ53OEBGenqL8w== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdekfedggeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpefrvght vghrucfgihhsvghnthhrrghuthcuoehpvghtvghrrdgvihhsvghnthhrrghuthesvghnth gvrhhprhhishgvuggsrdgtohhmqeenucggtffrrghtthgvrhhnpeehleffgeegudejteei hfelteduvdeifffhffdvjedvffegjeekudeludehudeifeenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvghtvghrrdgvihhsvghnthhrrghu thesvghnthgvrhhprhhishgvuggsrdgtohhm X-ME-Proxy: Feedback-ID: i131946ab:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Aug 2022 07:40:43 -0400 (EDT) Message-ID: Date: Tue, 30 Aug 2022 13:40:43 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.0 Subject: Re: Transparent column encryption Content-Language: en-US To: Masahiko Sawada Cc: pgsql-hackers References: <89157929-c2b6-817b-6025-8e4b2d89d88f@enterprisedb.com> <48a9f2c2-4a57-27d8-7c53-16a23a01014e@enterprisedb.com> <79f08a39-a7da-5157-cef4-378fb60c18f8@enterprisedb.com> <258c5064-437e-f41e-7537-5e8c343c33cc@enterprisedb.com> From: Peter Eisentraut In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 20.07.22 08:12, Masahiko Sawada wrote: > --- > Regarding the documentation, I'd like to have a page that describes > the generic information of the transparent column encryption for users > such as what this feature actually does, what can be achieved by this > feature, CMK rotation, and its known limitations. The patch has > "Transparent Column Encryption" section in protocol.sgml but it seems > to be more internal information. I have added more documentation in the v6 patch. > --- > In datatype.sgml, it says "Thus, clients that don't support > transparent column encryption or have disabled it will see the > encrypted values as byte arrays." but I got an error rather than > encrypted values when I tried to connect to the server using by > clients that don't support the encryption: > > postgres(1:6040)=# select * from tbl; > no CMK lookup found for realm "" This has now been improved in v6. The protocol changes need to be activated explicitly at connection time, so if you use a client that doesn't support it or activates it, you get the described behavior. > --- > In single-user mode, the user cannot decrypt the encrypted value but > probably it's fine in practice. Yes, there is nothing really to do about that. > --- > Regarding the column master key rotation, would it be useful if we > provide a tool for that? For example, it takes old and new CMK as > input, re-encrypt all CEKs realted to the CMK, and registers them to > the server. I imagine users using a variety of key management systems, so I don't see how a single tool would work. But it's something we can think about in the future. > --- > Is there any convenient way to load a large amount of test data to the > encrypted columns? I tried to use generate_series() but it seems not > to work as it generates the data on the server side: No, that doesn't work, by design. You'd have to write a client program to generate the data. > I've also tried to load the data from a file on the client by using > \copy command, but it seems not to work: > > postgres(1:80556)=# copy (select generate_series(1, 1000)::text) to > '/tmp/tmp.dat'; > COPY 1000 > postgres(1:80556)=# \copy a from '/tmp/tmp.dat' > COPY 1000 > postgres(1:80556)=# select * from a; > out out memory This was a bug that I have fixed. > --- > I got SEGV in the following two situations: I have fixed these.