> what is it that gets stored in the page for > decryption use, the nonce or the IV derived from it?
I believe storing the IV is preferable and still secure per [1]: "The IV need not be secret" Beyond needing the database oid, if every decrypt function has to regenerate the IV from the nonce that will affect performance. I don't know how expensive the forward hash is but it won't be free. [1] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf *Ryan Lambert*