Monday, February 29, 2016

Enabling Transparent Data Encryption on Postgresql 9.3

Well, this is actually copied from this link.

https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fpgsqldeepdive.blogspot.com%2F2015%2F06%2Fpostgresql-nec-tde.html&edit-text=&act=url

But then, below are my steps.


Specs: the current PostgreSQL server is 9.3.10

yum install --enablerepo=pgdg93 postgresql93-devel gmake make gcc gcc-c++ postgresql93-test yum-utils rpm-build bison flex perl-ExtUtils-Embed "perl(ExtUtils::MakeMaker)" python-devel tcl-devel readline-devel zlib-devel openssl-devel krb5-devel e2fsprogs-devel gettext libxml2-devel libxslt-devel pam-devel uuid-devel openldap-devel openjade opensp docbook-dtds docbook-style-dsssl rpm-build git


It will update the current postgres-9.3, so be sure you have a backup of your current database.


cd /root
mkdir src
cd src
yumdownloader --source postgresql93
rpm -ivh postgresql93-9.3.11-1PGDG.rhel6.src.rpm
cd /root/rpmbuild
rpmbuild -bp SPECS/postgresql-9.3.spec

mkdir /usr/local/src/
cd /usr/local/src/
git clone https://github.com/nec-postgres/tdeforpg.git
ll /root/rpmbuild/BUILD/postgresql-9.3.11/
export PGSRC=/root/rpmbuild/BUILD/postgresql-9.3.11/
export PGHOME=/usr/pgsql-9.3
export TDEHOME=/usr/local/src/tdeforpg
export PATH=/usr/pgsql-9.3/bin/:$PATH

ln -s /usr/pgsql-9.3/lib/pgcrypto.so /usr/lib64/libpgcrypto.so

cd $PGSRC
./configure

cd /usr/local/src/tdeforpg/SOURCES/data_encryption/

ln -s /root/rpmbuild/BUILD/postgresql-9.3.11/src/backend/utils/errcodes.h /root/rpmbuild/BUILD/postgresql-9.3.11/src/include/utils/errcodes.h

sh makedencryption.sh 93 $PGSRC

ln -s /usr/local/src/tdeforpg/SOURCES/data_encryption/93/data_encryption93.so.1.1.1.1 /usr/lib64/data_encryption.so
chown postgres:postgres -R -v /usr/local/src/tdeforpg

Append the lines below to the current postgresql.conf:

shared_preload_libraries='/usr/lib64/data_encryption.so'
encrypt.enable = on

Then connect, as superuser, to the database on which you want encryption enabled:

psql -U pgadminuser -h 127.0.0.1 mycompanydb

then execute

create extension pgcrypto;

then exit.


Then follow these steps:

cd $TDEHOME/SOURCES
sh bin/cipher_setup.sh $PGHOME


Transparent data encryption feature setup script
Please select from the setup menu below
Transparent data encryption feature setup menu
1: activate  the transparent data encryption feature
2: inactivate the transparent data encryption feature
select menu [1 - 2] > 1
Please enter database server port to connect : 5432
Please enter database user name to connect : pgadminuser
Please enter password for authentication :
Please enter database name to connect : mycompanydb


CREATE LANGUAGE
INFO: Transparent data encryption feature has been activated



cd $TDEHOME/SOURCES
sh bin/cipher_key_regist.sh /usr/pgsql-9.3
=== Database connection information ===
Please enter database server port to connect : 5432
Please enter database user name to connect : pgadminuser
Please enter password for authentication :
Please enter database name to connect : mycompanydb
=== Regist new cipher key ===
Please enter the new cipher key :  "make sure you remember this"
Please retype the new cipher key :
Please enter the algorithm for new cipher key : aes

Are you sure to register new cipher key(y/n) : y

Check the cipher key table:


[root@MyServer SOURCES]# psql -U pgadminuser -h 127.0.0.1 mycompanydb
Password for user pgadminuser:
psql (9.3.11)
Type "help" for help.

mycompanydb=# select * from cipher_key_table;
                                                                                                                                                                                                           key                                                                                                                                                                                                           | algorithm
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------
 \xc38f3e4f1305863e66e2ac3e4eaffe7617e09c7c6f8f3e4f1305863e66e2ac3e4eaffe7617e09c7c6f8f3e4f1305863e66e2ac3e4eaffe7617e09c7c6f8f3e4f1305863e66e2ac3e4eaffe7617e09c7c6f7dacc2290d1ce491c620e0b43702a1f8509656c6 | aes
(1 row)

mycompanydb=#



From here, it is up to the developers to continue.
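What the developers then do with the key registered above, as an added example that is not part of the original post: the function and type names (pgtde_begin_session, pgtde_end_session, encrypt_text) are assumed from tdeforpg's own documentation, not from this page, so confirm them against the installed data_encryption module before relying on them.

```sql
-- Added example (not from the original post). Assumed API names from the
-- tdeforpg documentation: pgtde_begin_session, pgtde_end_session, encrypt_text.

-- 1. Open a key session with the cipher key entered in cipher_key_regist.sh.
--    The plaintext key is never stored in the schema; cipher_key_table only
--    holds it in encrypted form, so every session must supply it.
SELECT pgtde_begin_session('make sure you remember this');

-- 2. Columns declared with the encrypting type are encrypted on write and
--    decrypted on read, transparently to the application's SQL.
CREATE TABLE customer (
    id      serial PRIMARY KEY,
    name    text,
    card_no encrypt_text        -- stored encrypted with the registered AES key
);

INSERT INTO customer (name, card_no) VALUES ('alice', '4111111111111111');

-- Inside the key session the plaintext comes back:
SELECT name, card_no FROM customer;

-- 3. Close the session when done. With no session key set, card_no can no
--    longer be decrypted; that failure is the practical check that the column
--    is really protected rather than stored in the clear.
SELECT pgtde_end_session();

-- Sanity check from the superuser side (no session key needed): exactly one
-- AES key should be registered, matching the output of cipher_key_regist.sh.
SELECT algorithm, length(key) AS encrypted_key_bytes FROM cipher_key_table;
```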