Glossary
Data Encryption Key (DEK) : A symmetric ChaCha20-Poly1305 key used to encrypt and decrypt the actual data stored in the database.
Data Encryption Cipher (DEC) : The initialized ChaCha20-Poly1305 cipher instance created from the Data Encryption Key that performs the actual encryption and decryption operations.
FetchKey Method : A label that defines how to retrieve the user key for a given user.
Envelope : An encrypted wrapper containing the Data Encryption Key, encrypted with the user's Key Encryption Key, enabling secure per-user key management.
Key Encryption Key (KEK) : A private RSA key in the PKCS#8 format attach to a given database user. The key is never disclosed to the user. When the user opens a session, the extension will use the FetchKey method to retrieve it from an external source.
If you can't find a term in the list below, take a look at the PostgreSQL Glossary: