← Back to team overview

maria-discuss team mailing list archive

Re: Table encryption 10.1.4

 

Hi Rhys,

Thank you for reporting all of this.

Could you please file a bug report at our JIRA (https://mariadb.atlassian.net) for the last assertion failure?

Please by all means file documentation issues as well, but I can do it on your behalf if you so prefer; for the crash, however, we might need additional information from you, it will be easier to request and track via JIRA.

Thanks again,
Regards,
Elena



On 16.04.2015 19:38, Rhys Campbell wrote:
In addition to the below flow...

Adding both, or either one of...

aria-encrypt-tables=1
encrypt-tmp-disk-tables=1

Results in a crash on startup...

[cid:image003.png@01D0786C.31DF1910]

From: Maria-discuss [mailto:maria-discuss-bounces+rhys.campbell=tradingscreen.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rhys Campbell
Sent: 16 April 2015 17:24
To: maria-discuss@xxxxxxxxxxxxxxxxxxx
Subject: [Maria-discuss] Table encryption 10.1.4

Hi All,

Been playing with encryption in 10.1.4 today and there's a few issues...

Firstly the manual<https://mariadb.com/kb/en/mariadb/table-encryption/> gives the following example...

"Example my.cnf to enable XtraDB encryption:

[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4"

But doesn't make mention of the fact you need to add..

plugin-load-add=file_key_management.so

for this to work.

Secondly...

With this config..

"plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
file_key_management_filekey = FILE:/home/rcampbel/keyfile.txt
file_key_management_encryption_algorithm = AES_CBC
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads = 4"

I receive the following error...

ERROR Innodb: Tablespace id 0 encrypted but encryption service not available. Can't continue opening tablespace."

Then if I comment out inndob-encrypt-tables we get a step further but it complains..

"unknown option -innodb-encrypt-logs" <- documentation for 10.1.4 says different<https://mariadb.com/kb/en/mariadb/table-encryption/>

If I change this to...

innodb-encrypt-log

The server then starts up successfully. Here's a snip of some relevant variables...

[cid:image004.png@01D0786C.31DF1910]

After this I do seem to be able to dynamically set innodb_encrypt_tables and create an encrypted table...

[cid:image005.png@01D0786C.31DF1910]


Side note file_key_management_plugin.so is missing from the 10.1.3 .tar.gz bundles


Rhys Campbell
Database Administrator
TradingScreen, Inc.
23 York House, 5th Floor
London WC2B 6UJ
Email: rhys.campbell@xxxxxxxxxxxxxxxxx<mailto:rhys.campbell@xxxxxxxxxxxxxxxxx>

Follow TradingScreen on Twitter<http://twitter.com/#!/TradingScreen> , Facebook<http://www.facebook.com/pages/TradingScreen/214046251945650> and our blog Trading Smarter<tradingsmarter.tradingscreen.com>
This message is intended only for the recipient(s) named above and may contain confidential information. If you are not an intended recipient, you should not review, distribute or copy this message. Please notify the sender immediately by e-mail if you have received this message in error and delete it from your system.




_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~maria-discuss
More help   : https://help.launchpad.net/ListHelp



References