Encrypted VFS for PGlite (NodeFS) #893
davidmuggleton
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi all, I built an encrypted VFS (Node based) that provides transparent encryption-at-rest for the database directory (AES-256-GCM per 8KB page, PBKDF2-SHA512 key derivation, AAD binds each page to file identity + page number, and passphrase verification on reopen). See https://github.com/davidmuggleton/pglite-encrypted-fs. The on-disk format isn’t versioned yet, so I’d love feedback on the API surface/ergonomics (new EncryptedFS(dataDir, passphrase, options?) etc.) and how you’d prefer format versioning to work (magic+version in file header vs manifest, storing KDF params in-header, etc.) before 1.0. Also looking for quick Windows + Bun testers - even a “works/doesn’t work” with runtime + OS versions helps. Finally, if you have crypto/security experience, I’d really appreciate a review of the scheme for weaknesses/improvements. Thanks!
Beta Was this translation helpful? Give feedback.
All reactions