Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setting security label in two different tables fails #73

Closed
timreibe opened this issue Feb 8, 2023 · 5 comments
Closed

setting security label in two different tables fails #73

timreibe opened this issue Feb 8, 2023 · 5 comments

Comments

@timreibe
Copy link

timreibe commented Feb 8, 2023
edited

Hi everyone,

I have two similar tables, within both I want to encrypt the content of one column (in this example its the column is called secret_column in both tables).

CREATE TABLE table_name1 (
   id_1 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
   key_id_1 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
   nonce_1 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
   secret_column_1 text NOT NULL DEFAULT 'undefined'::text
);

CREATE TABLE table_name2 (
   id_2 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
   key_id_2 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
   nonce_2 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
   secret_column_2 text NOT NULL DEFAULT 'undefined'::text
);
SECURITY LABEL FOR pgsodium
  ON COLUMN table_name1.secret_column_1
  IS 'ENCRYPT WITH KEY COLUMN key_id_1 NONCE nonce_1 ASSOCIATED id_1';

SECURITY LABEL FOR pgsodium
  ON COLUMN table_name2.secret_column_2
  IS 'ENCRYPT WITH KEY COLUMN key_id_2 NONCE nonce_2 ASSOCIATED id_2';

I am able to set the security labels for each table separately, but If I want to add both, it fails, giving me the error:

Failed to run sql query: must be owner of relation table_name1

I am new to this topic and looked up every source I can find online, but none could solve my problem.
I really appreciate your help!

Thank you in advance
Tim :-)
@ioguix
Copy link
Collaborator

ioguix commented Feb 8, 2023

Hi,

but If I want to add both, it fails, giving me the error

I'm not sure to understand what you try to achieve. What is the command raising you this error?

Thanks,

@timreibe
Copy link
Author

timreibe commented Feb 8, 2023
edited

Hi,

but If I want to add both, it fails, giving me the error

I'm not sure to understand what you try to achieve. What is the command raising you this error?

Thanks,

Hi,

as I was following the docs, I have to set a Security Label for a column I want to encrypt with the key, nonce and associate as parameters.

In my specific case, I have two tables and both have one column that I want to encrypt with pgsodium. So, in my understanding, I have to set a Security Label for each column.

I can set these labels separately, but once I want to the second after I added the first, it gives me this error.

Am I understanding Security Labels wrong?

@ioguix
Copy link
Collaborator

ioguix commented Feb 9, 2023

Hi,

Trying to replicate here, I don't have such an error:

~$ createuser u73
~$ createdb d73 -O u73
~$ psql d73
d73=# create extension "uuid-ossp" ;
CREATE EXTENSION
d73=# create extension pgsodium ;
CREATE EXTENSION
d73=# grant SELECT, REFERENCES on pgsodium.key TO u73 ;
GRANT
d73=# CREATE TABLE table_name1 (
   id_1 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
   key_id_1 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
   nonce_1 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
   secret_column_1 text NOT NULL DEFAULT 'undefined'::text
);                                     
                                                                      
CREATE TABLE table_name2 (
   id_2 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
   key_id_2 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
   nonce_2 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
   secret_column_2 text NOT NULL DEFAULT 'undefined'::text
);
CREATE TABLE
CREATE TABLE
d73=# SECURITY LABEL FOR pgsodium
  ON COLUMN table_name1.secret_column_1
  IS 'ENCRYPT WITH KEY COLUMN key_id_1 NONCE nonce_1 ASSOCIATED id_1';

SECURITY LABEL FOR pgsodium
  ON COLUMN table_name2.secret_column_2
  IS 'ENCRYPT WITH KEY COLUMN key_id_2 NONCE nonce_2 ASSOCIATED id_2';
SECURITY LABEL
SECURITY LABEL

@timreibe
Copy link
Author

timreibe commented Feb 9, 2023
edited

Thanks @ioguix for trying to replicate. That this works for you shows me, that something must be off within my database. I use Postgresql in Supabase, have you ever made experience with that?

Edit: Found out that I messed up with my pgsodium extension, on a new project it works fine. I solved the issue by dropping the shema pgsodium and re-enabled the pgsodium extension in the database settings.

Thanks again @ioguix for your help!

@timreibe timreibe closed this as completed Feb 9, 2023
@ioguix
Copy link
Collaborator

ioguix commented Feb 9, 2023

I use Postgresql in Supabase, have you ever made experience with that?

nope

I solved the issue

great!

Thanks again @ioguix for your help!

you are welcome!

@ioguix ioguix mentioned this issue Feb 9, 2023
Open
@timreibe timreibe mentioned this issue Feb 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ioguix @timreibe