使用gsql操作密态数据库

    1. 以操作系统用户omm登录CN所在主机。

    3. 创建客户端主密钥CMK和列加密密钥CEK。创建CMK的语法请参考、创建的CEK的语法请参考CREATE COLUMN ENCRYPTION KEY

      2. openGauss=# CREATE CLIENT MASTER KEY ImgCMK1 WITH (KEY_STORE = localkms, KEY_PATH = "key_path_value1", ALGORITHM = RSA_2048);
      3. openGauss=# CREATE CLIENT MASTER KEY ImgCMK WITH (KEY_STORE = localkms, KEY_PATH = "key_path_value2", ALGORITHM = RSA_2048);
      4. openGauss=# CREATE COLUMN ENCRYPTION KEY ImgCEK1 WITH VALUES (CLIENT_MASTER_KEY = ImgCMK1, ALGORITHM  = AEAD_AES_256_CBC_HMAC_SHA256);
      5. CREATE COLUMN ENCRYPTION KEY
      6. openGauss=# CREATE COLUMN ENCRYPTION KEY ImgCEK WITH VALUES (CLIENT_MASTER_KEY = ImgCMK, ALGORITHM  = AEAD_AES_256_CBC_HMAC_SHA256);
      7. CREATE COLUMN ENCRYPTION KEY

    4. 向加密表插入数据并进行等值查询。

      1. openGauss=# INSERT INTO creditcard_info VALUES (1,'joe','6217986500001288393');
      2. INSERT 0 1
      3. openGauss=# INSERT INTO creditcard_info VALUES (2, 'joy','6219985678349800033');
      4. INSERT 0 1
      5. openGauss=# select * from creditcard_info where name = 'joe';
      7.          1 | joe  | 6217986500001288393
      8. (1 row)
      9. 注意:使用非密态客户端查看该加密表数据时是密文
      10. openGauss=# select id_number,name from creditcard_info;
      11.  id_number |                                                                         name
      12. -----------+------------------------------------------------------------------------------------------------------------------------------------------------------
      13.          1 | \x011aefabd754ded0a536a96664790622487c4d366d313aecd5839e410a46d29cba96a60e4831000000ee79056a114c9a6c041bb552b78052e912a8b730609142074c63791abebd0d38
      14.          2 | \x011aefabd76853108eb406c0f90e7c773b71648fa6e2b8028cf634b49aec65b4fcfb376f3531000000f7471c8686682de215d09aa87113f6fb03884be2031ef4dd967afc6f7901646b