dAdAbird

  • The GUC option is applied to all created keys (principal and internal).
  • Hence _keys files (as well as principal keys) may contain keys of different sizes. For that, keys have a "key size" field now (principal keys already had one). And tde_aes funcs have a new arg "key size".
  • On server start, we check for old _keys files and rewrite them with the new format (see comments to the related commit and code). However, it doesn't work (it has a bug with decrypting a principal key from the old file). But please review and provide feedback on the general idea.
  • SMGR keys don't work yet.
  • I haven't tried key rotation.

This is a draft and needs further improvements and refactoring. I just want feedback on the general direction.

Cheers

It's a draft. Only Principal and WAL keys work so far
It does make sense to rewrite old files on server start (otherwise it'll
slow down random read/write). But reading all _keys files and checking
the magic number could slow the server start, especially if there are
a lot of databases with encrypted tables.  Moreover, we'd rewrite files
once but would have to scan and read them on every start... That's why
this commit introduces new suffixes to the filenames in the new format.
That way, we would only scan the dir and read file names, instead of
opening and reading each _keys file.
@dAdAbird dAdAbird force-pushed the 32_byte_keys_take2 branch from c012cde to 0b8794c Compare October 2, 2025 14:51