maria-discuss team mailing list archive

Thread
Date

Re: Key lengths for file_key_management plugin

To: Honza Horak <hhorak@xxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 15 Jul 2016 11:31:34 +0200
Cc: maria-discuss@xxxxxxxxxxxxxxxxxxx
In-reply-to: <e834cfa2-4f4e-f146-2a0d-dbdc443ba832@redhat.com>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi, Honza!

On Jul 14, Honza Horak wrote:
> I've asked directly in the documentation page, but maybe someone will 
> know answer here:
> https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#comment_2346
> 
> In that article it is said that 128, 192 or 256-bit keys are supported, 
> but later AES_CTR and AES_CBC modes talk only about 128bit keys. What 
> piece of information am I missing?

The article says "the plugin will use AES with the 128-bit keys in
the CTR mode for encrypting tablespace pages".

Because tablespace pages are always encrypted with a 128-bit tablespace
key. Which is different for every tablespace and it is generated from
the user-specified key, which might be 128-, 192-, or 256-bit.

Temporary files and binary logs are encrypted directly with the
user-specified key of a user-specified length.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

Follow ups

Re: Key lengths for file_key_management plugin
From: Honza Horak, 2016-07-19

References

Key lengths for file_key_management plugin
From: Honza Horak, 2016-07-14