
maria-discuss team mailing list archive

Table encryption 10.1.4

 

Hi All,

Been playing with encryption in 10.1.4 today and there are a few issues...

Firstly the manual<https://mariadb.com/kb/en/mariadb/table-encryption/> gives the following example...

"Example my.cnf to enable XtraDB encryption:

[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4"

But doesn't make mention of the fact you need to add..

plugin-load-add=file_key_management.so

for this to work.

Secondly...

With this config..

"plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
file_key_management_filekey = FILE:/home/rcampbel/keyfile.txt
file_key_management_encryption_algorithm = AES_CBC
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads = 4"

I receive the following error...

"ERROR Innodb: Tablespace id 0 encrypted but encryption service not available. Can't continue opening tablespace."

Then if I comment out innodb-encrypt-tables we get a step further but it complains..

"unknown option -innodb-encrypt-logs" <- documentation for 10.1.4 says different<https://mariadb.com/kb/en/mariadb/table-encryption/>

If I change this to...

innodb-encrypt-log

The server then starts up successfully. Here's a snip of some relevant variables...

[attached image: image001.png]

After this I do seem to be able to dynamically set innodb_encrypt_tables and create an encrypted table...

[attached image: image002.png]


Side note: file_key_management_plugin.so is missing from the 10.1.3 .tar.gz bundles.


Rhys Campbell
Database Administrator
TradingScreen, Inc.
23 York House, 5th Floor
London WC2B 6UJ
Email: rhys.campbell@xxxxxxxxxxxxxxxxx<mailto:rhys.campbell@xxxxxxxxxxxxxxxxx>
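
Added example, not part of the original message and not MariaDB's own tooling: a small Python check for the two configuration problems reported above (file_key_management options without plugin-load-add, and the innodb-encrypt-logs spelling). The function names and both sample configs are constructed for illustration, and the check does not diagnose the "encryption service not available" error.

```python
import re
PLUGIN_LIB = "file_key_management.so"  # library name as given in the post

def parse_mysqld(text):
    """Collect [mysqld] options as {name: [values]}; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        key = name.strip().lower().replace("-", "_")
        opts.setdefault(key, []).append(value.strip())  # bare options get ""
    return opts

def lint(text):
    """Return findings for the two configuration problems reported in the post."""
    opts = parse_mysqld(text)
    findings = []
    uses_fkm = any(k.startswith("file_key_management") for k in opts)
    loaded = opts.get("plugin_load_add", []) + opts.get("plugin_load", [])
    if uses_fkm and not any(PLUGIN_LIB in v for v in loaded):
        findings.append("file_key_management set without plugin-load-add=" + PLUGIN_LIB)
    if "innodb_encrypt_logs" in opts:
        findings.append("innodb-encrypt-logs: unknown option on 10.1.4 per the post")
    return findings

# Constructed inputs: the manual's example as quoted in the post, and a reduced
# form of the variant the poster says started (plugin loaded, option renamed).
MANUAL_EXAMPLE = """[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4
"""
WORKING_VARIANT = """[mysqld]
plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
innodb-encrypt-log
"""

if __name__ == "__main__":
    print(lint(MANUAL_EXAMPLE), lint(WORKING_VARIANT))
```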
