← Back to team overview

maria-discuss team mailing list archive

Re: About data encryption


Hi, Cesar!

On Dec 15, Cesar Hernandez wrote:
> Thanks Sergei!
> So the database is encrypted by using AES-128-CBC or AES-128-CRT, right?
> Can I use AES-256-CBC?

No. Each tablespace is encrypted with a different per-tablespace key.
This key is 128 bit. It's generated by encrypting a random 128-bit
nonce with the user-specified key.

So, if you specify a 256-bit key in the file_key_manager plugin,
this 256-bit key will be used to generate the 128-bit tablespace key.

The tablespace itself will be encrypted using the 128-bit key.

Chief Architect MariaDB
and security@xxxxxxxxxxx