forked from nec-postgres/tdeforpg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL-NOTE.TXT
67 lines (57 loc) · 2.47 KB
/
INSTALL-NOTE.TXT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
Installation Notes
==================
Installation instructions for Transparent Data Encryption for PostgreSQL Free Edition
Requirements
============
1. PostgreSQL Source Code
# It is not required, if you installed tdeforpg from RPM.
2. PostgreSQL with psql installed
Installation and Configuration
==============================
1. Setting environment variables
$ export PGSRC = #path of PostgreSQL source code
$ export PGHOME = #path of PostgreSQL installed
$ export TDEHOME = #path of tdeforpg downloaded
2. Install pgcrypto from source code
# If you have already installed pgcrypto, you can skip this section.
$ cd $PGSRC/contrib/pgcrypto
$ gmake
$ gmake install
$ pg_ctl start
$ psql << EOF
> CREATE EXTENSION pgcrypto;
> EOF
3. Building pgTDE
# If you installed tdeforpg from RPM, please skip this section.
$ sudo ln -s $PGHOME/lib/pgcrypto.so /usr/lib64/libpgcrypto.so
$ cd $PGSRC
$ ./configure
$ cd $TDEHOME/SOURCES/data_encryption
$ sh makedencryption.sh <pgver> $PGSRC
# <pgver> is version of PostgreSQL without dot (93 or 94)
4. install pgTDE to PostgreSQL
$ sudo ln -s $TDEHOME/SOURCES/data_encryption/<pgver>/data_encryption<pgver>.so.<version> /usr/lib64/data_encryption.so
$ vim $PGDATA/postgresql.conf # add shared_preload_libraries to postgresql.conf
shared_preload_libraries='/usr/lib64/data_encryption.so'
$ pg_ctl restart
$ cd $TDEHOME/SOURCES
$ sh bin/cipher_setup.sh $PGHOME
Transparent data encryption feature setup script
Please select from the setup menu below
Transparent data encryption feature setup menu
1: activate the transparent data encryption feature
2: inactivate the transparent data encryption feature
select menu [1 - 2] > 1
Please enter database server port to connect : <port_number>
Please enter database user name to connect : <user_name>
Please enter password for authentication : <password>
Please enter database name to connect : <db_name>
5. AES-NI support
pgcrypto from PostgreSQL 10 support AES-NI.
You can use Windows installer, Linux rpm or build your PostgreSQL
with --with-openssl option.
In PostgreSQL 9.5 or 9.6, if you want to use AES-NI supported pgcrypto,
Please replace ${PGHOME}/lib/pgcrypto.so (pgcrypto.dll in Windows)
with the AES-NI supported binary below,
Linux: ${TDEHOME}/SOURCES/data_encryption/<pgver>/libpgcrypto<pgver>.so.<version>
Windows: ${TDEHOME}\lib\pgcrypto.dll