← Back to team overview

maria-discuss team mailing list archive

Re: Key lengths for file_key_management plugin

 

Hi, Honza!

On Jul 14, Honza Horak wrote:
> I've asked directly in the documentation page, but maybe someone will 
> know answer here:
> https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#comment_2346
> 
> In that article it is said that 128, 192 or 256-bit keys are supported, 
> but later AES_CTR and AES_CBC modes talk only about 128bit keys. What 
> piece of information am I missing?

The article says "the plugin will use AES with the 128-bit keys in
the CTR mode for encrypting tablespace pages".

Because tablespace pages are always encrypted with a 128-bit tablespace
key. Which is different for every tablespace and it is generated from
the user-specified key, which might be 128-, 192-, or 256-bit.

Temporary files and binary logs are encrypted directly with the
user-specified key of a user-specified length.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx


Follow ups

References