PG-1416 Sign principal key info to protect against the wrong principal key #191

Merged


@jeltz jeltz commented Apr 4, 2025

We already had protection against decrypting relation keys with the wrong principal key but to properly protect us against new relation keys being encrypted with the wrong principal key we need to also verify that the principal key was correct when we fetch the principal key from the key provider. We do so by signing the principal key info header of the key map file using AES-128-GCM.

This way we cannot get a jumbled mess of relation keys encrypted with multiple different principal keys.
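
The check described in the comment above, as an added Go example that is not part of this PR or the project's code: the key info header is authenticated as AES-128-GCM associated data with an empty plaintext, and verification fails when the key fetched from the provider is not the one that produced the tag. The header contents, key values and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM keys AES-GCM with the principal key; a 16-byte key selects AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 {
		return nil, errors.New("AES-128 needs a 16-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signKeyInfo tags the header as GCM associated data (empty plaintext) under a fresh nonce.
func signKeyInfo(key, info []byte) (nonce, tag []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, nil, info), nil
}

// verifyKeyInfo fails if fetchedKey did not sign this header or anything was altered.
func verifyKeyInfo(fetchedKey, info, nonce, tag []byte) error {
	gcm, err := newGCM(fetchedKey)
	if err != nil || len(nonce) != gcm.NonceSize() {
		return errors.New("bad principal key or nonce length")
	}
	_, err = gcm.Open(nil, nonce, tag, info)
	return err
}

func main() {
	key, info := []byte("0123456789abcdef"), []byte("name=pk1;provider=1") // constructed
	nonce, tag, _ := signKeyInfo(key, info)
	fmt.Println(verifyKeyInfo(key, info, nonce, tag), verifyKeyInfo([]byte("fedcba9876543210"), info, nonce, tag))
}
```

Running the verification before any new relation key is encrypted is what prevents a key map file from mixing keys wrapped under different principal keys.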

@jeltz jeltz requested review from dutow and dAdAbird as code owners April 4, 2025 17:46

dutow commented Apr 4, 2025

Commit message and PR name say primary key; that seems to be a typo.

…l key

We already had protection against decrypting relation keys with the wrong
principal key but to properly protect us against new relation keys being
encrypted with the wrong principal key we need to also verify that the
principal key was correct when we fetch the principal key from the key
provider. We do so by signing the principal key info header of the key map
file using AES-128-GCM.

This way we cannot get a jumbled mess of relation keys encrypted with
multiple different principal keys.
@jeltz jeltz changed the title PG-1416 Sign primary key info to protect against the wrong principal key PG-1416 Sign principal key info to protect against the wrong principal key Apr 5, 2025

jeltz commented Apr 5, 2025

Haha, it was only a matter of time before I did that typo. :)

@jeltz jeltz force-pushed the tde/verify-princpal-key-info branch from 2a9aadf to ca38f99 Compare April 5, 2025 07:17
@jeltz jeltz merged commit 5514727 into percona:TDE_REL_17_STABLE Apr 7, 2025
14 checks passed
@jeltz jeltz deleted the tde/verify-princpal-key-info branch April 10, 2025 19:49