Day: September 30, 2019

Enterprise PostgreSQL Solutions

I have been working with the PostgreSQL community recently to develop TDE (Transparent Data Encryption). During this time, I studied some cryptography-related knowledge and used it to combine with the database. I will introduce the TDE in PostgreSQL by the following three dimensions. The current threat model of the databaseEncryption

Key management consists of four parts: key generation, key preservation, key exchange, and key rotation. Key Generation Only for the study of symmetric encryption, so I mainly introduce symmetric encryption. The symmetric password generation method is: A random number is a keyPassword-based key generationHKDF (HMAC-based extraction and extended key derivation)