On Thu, Dec 10, 2020 at 07:26:48PM +0800, Neil Chen wrote:
> Hi, everyone
>
> I have read the patch and did some simple tests. I'm not entirely sure
> about some code segments; e.g.:
>
> In the BootStrapKmgr() we generate a data encryption key by:
>     key = generate_crypto_key(file_encryption_keylen);
>
> However, I found that the file_encryption_keylen is always 0 in bootstrap
> mode because there exists another variable
> bootstrap_file_encryption_keylen
> in xlog.c and bootstrap.c.

Oh, good point; that is very helpful. I was relying on SetConfigOption to
set file_encryption_keylen, but that happens _after_ we create the keys,
so they were zero length. I have fixed this by passing
bootstrap_file_encryption_keylen to the boot routines. The diff URL has
the fix:

    https://github.com/postgres/postgres/compare/master...bmomjian:key.diff

> We get the REL/WAL key by KmgrGetKey() call and it works like:
>     return (const CryptoKey *) &(KmgrShmem->intlKeys[id]);
>
> But in bootstrap mode, the KmgrShmem is not assigned. So, if we want to
> use it to encrypt something in bootstrap mode, I suggest we make the
> following changes:
>     if ( in bootstrap mode)
>         return intlKeys[id]; // a static variable which contains key
>     else
>         return (const CryptoKey *) &(KmgrShmem->intlKeys[id]);

Yes, you are also correct here. I had not gotten to using KmgrGetKey
yet, but it clearly needs your suggestion, so I have done that.

Thanks for your help.

--
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee
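
The two problems discussed in this message, sketched as an added example that is not code from the patch or from PostgreSQL: a key generator that fails on a zero length instead of returning an empty key, and a key lookup that reads static storage in bootstrap mode. The `demo_`/`Demo` names, key lengths counted in bytes, the AES-size allow-list and `/dev/urandom` as the random source are all assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define DEMO_MAX_KEY_LEN 32
#define DEMO_NUM_KEYS 2   /* hypothetical: one relation key, one WAL key */

typedef struct { int klen; uint8_t key[DEMO_MAX_KEY_LEN]; } DemoKey;
typedef struct { DemoKey intl_keys[DEMO_NUM_KEYS]; } DemoShmem;

static DemoKey demo_local_keys[DEMO_NUM_KEYS]; /* bootstrap: process-local */
static DemoShmem *demo_shmem = NULL;  /* NULL until shared memory is set up */
static int demo_bootstrap_mode = 1;

/* Fill out with keylen random bytes. Assumed policy: only AES key sizes are
 * accepted, so a length of 0 (setting not applied yet) is an error rather
 * than an empty key. Returns 0 on success, -1 on failure. */
int demo_generate_key(DemoKey *out, int keylen)
{
    FILE *rng;
    size_t got;
    memset(out, 0, sizeof(*out));
    if (keylen != 16 && keylen != 24 && keylen != 32)
        return -1;
    if ((rng = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    got = fread(out->key, 1, (size_t) keylen, rng);
    fclose(rng);
    if (got != (size_t) keylen)
        return -1;          /* klen stays 0, so the slot counts as empty */
    out->klen = keylen;
    return 0;
}

/* Static storage in bootstrap mode, shared memory otherwise. Returns NULL for
 * a bad id, an unattached segment, or a slot that holds no key. */
const DemoKey *demo_get_key(int id)
{
    const DemoKey *k = NULL;
    if (id < 0 || id >= DEMO_NUM_KEYS)
        return NULL;
    if (demo_bootstrap_mode)
        k = &demo_local_keys[id];
    else if (demo_shmem != NULL)
        k = &demo_shmem->intl_keys[id];
    return (k != NULL && k->klen > 0) ? k : NULL;
}

/* Exit status 0 means the zero-length request was rejected. */
int main(void) { DemoKey k; return demo_generate_key(&k, 0) == -1 ? 0 : 1; }
```

Treating an empty slot as "no key" in the lookup means a caller cannot silently encrypt with a zero-length key even if generation was skipped or failed.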