Category: TDE

Enterprise PostgreSQL Solutions

Benefits of External Key Management System Over the Internal and How they Could Help Securing PostgreSQL

1. Introduction Data and user security have always been important considerations for small to large enterprises during the deployment of their database or application servers. PostgreSQL today has rich support for many network level and user level security features. These include TLS to secure database connections, internal user authentication, integration with external user authentication services…
Read more

Understanding Security Features in PostgreSQL – Part 3

1. Introduction This is part 3 of the blog “Understanding Security Features in PostgreSQL”, in which I will be discussing how to apply TLS in both PostgreSQL server and client using the principles we have learned in part 2 of the blog. In the end, I will also briefly talk about Transparent Data Encryption (TDE)…
Read more

The Transparent data encryption in PostgreSQL

I have been working with the PostgreSQL community recently to develop TDE (Transparent Data Encryption). During this time, I studied some cryptography-related knowledge and used it to combine with the database. I will introduce the TDE in PostgreSQL by the following three dimensions. The current threat model of the database Encryption policy description and current…
Read more

Key Management

Key management consists of four parts: key generation, key preservation, key exchange, and key rotation. Key Generation Only for the study of symmetric encryption, so I mainly introduce symmetric encryption. The symmetric password generation method is: A random number is a key Password-based key generation HKDF (HMAC-based extraction and extended key derivation) A random number…
Read more