If a key management system is used as the keystore for the Transparent Data Encryption feature, the following conditions must be met.
Protocol
The key management system must use Key Management Interoperability Protocol (KMIP) Version 1.4.
Encryption Key
It must be possible to create the encryption key on, or import it into, the KMIP server under the following conditions.
AES 256-bit symmetric key
A Managed Object that meets the following criteria:
Cryptographic Algorithm: AES
Cryptographic Length: 256
Key not wrapped
Operation
The following operations using the KMIP protocol must be supported:
Get operation
The encryption key can be returned with Key Format Type Raw.
Client authentication
Clients must be authenticated and authorized in the following way:
The registered client certificate authenticates the client and authorizes its access to the encryption key.
Quantitative Limits
Fujitsu Enterprise Postgres accepts a response of at most 8192 bytes from a key management system; a larger response results in an error.
If the private key file used for the client certificate is encrypted, the passphrase used to encrypt it can be at most 1023 bytes long.
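The following Python is an added example, not part of this documentation or of Fujitsu Enterprise Postgres: it decodes the TTLV-encoded payload of a KMIP Get response and reports which of the conditions above (Raw AES 256-bit key, not wrapped, response of at most 8192 bytes) it violates. Tag and enumeration values are those of the KMIP 1.x specification; the sample payload is constructed inline.

```python
# Tag, type and enumeration values below are those of the KMIP 1.x specification.
SYMMETRIC_KEY, KEY_BLOCK, KEY_FORMAT_TYPE = 0x42008F, 0x420040, 0x420042
KEY_VALUE, KEY_MATERIAL, KEY_WRAPPING_DATA = 0x420045, 0x420043, 0x420046
CRYPTO_ALGORITHM, CRYPTO_LENGTH = 0x420028, 0x42002A
T_STRUCT, T_INT, T_ENUM, T_BYTES = 0x01, 0x02, 0x05, 0x08
FORMAT_RAW, ALG_AES, MAX_RESPONSE = 1, 3, 8192   # "Raw", "AES", response limit in bytes

def ttlv(tag, typ, value):
    """Encode one TTLV item: 3-byte tag, 1-byte type, 4-byte length, 8-byte-padded value."""
    if typ in (T_INT, T_ENUM):
        value = value.to_bytes(4, "big")            # Integer/Enumeration carry a 4-byte value
    elif typ == T_STRUCT:
        value = b"".join(value)                     # children are already 8-byte aligned
    header = tag.to_bytes(3, "big") + bytes([typ]) + len(value).to_bytes(4, "big")
    return header + value + b"\0" * (-len(value) % 8)

def parse(buf):  # decode a TTLV buffer into (tag, type, value) tuples; structures recurse
    items, i = [], 0
    while i + 8 <= len(buf):
        tag, typ = int.from_bytes(buf[i:i + 3], "big"), buf[i + 3]
        length = int.from_bytes(buf[i + 4:i + 8], "big")
        raw = buf[i + 8:i + 8 + length]
        value = parse(raw) if typ == T_STRUCT else int.from_bytes(raw, "big") if typ in (T_INT, T_ENUM) else raw
        items.append((tag, typ, value))
        i += 8 + length + (-length % 8)             # skip the value and its padding
    return items

def find(items, tag):
    return next((v for t, _, v in items if t == tag), None)   # first value with that tag

def check_get_response(payload):
    """Return the conditions listed above that a KMIP Get response payload violates."""
    problems = ["response exceeds 8192 bytes"] if len(payload) > MAX_RESPONSE else []
    block = find(find(parse(payload), SYMMETRIC_KEY) or [], KEY_BLOCK) or []
    for tag, want, msg in ((KEY_FORMAT_TYPE, FORMAT_RAW, "Key Format Type is not Raw"),
                           (CRYPTO_ALGORITHM, ALG_AES, "Cryptographic Algorithm is not AES"),
                           (CRYPTO_LENGTH, 256, "Cryptographic Length is not 256")):
        if find(block, tag) != want:
            problems.append(msg)
    key_value = find(block, KEY_VALUE)
    if find(block, KEY_WRAPPING_DATA) is not None or not isinstance(key_value, list):
        problems.append("key is wrapped")           # a wrapped Key Value is an opaque byte string
    elif len(find(key_value, KEY_MATERIAL) or b"") != 32:
        problems.append("Key Material is not 32 raw bytes")
    return problems

GOOD = ttlv(SYMMETRIC_KEY, T_STRUCT, [ttlv(KEY_BLOCK, T_STRUCT, [   # constructed compliant sample
    ttlv(KEY_FORMAT_TYPE, T_ENUM, FORMAT_RAW), ttlv(CRYPTO_ALGORITHM, T_ENUM, ALG_AES),
    ttlv(CRYPTO_LENGTH, T_INT, 256),
    ttlv(KEY_VALUE, T_STRUCT, [ttlv(KEY_MATERIAL, T_BYTES, bytes(range(32)))])])])
```

An empty list from `check_get_response` means the returned key satisfies every condition; each string names the condition that failed.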