maria-discuss team mailing list archive

Thread
Date

Re: About data encryption

To: Cesar Hernandez <c.hernandez@xxxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 15 Dec 2017 09:21:35 +0100
Cc: maria-discuss@xxxxxxxxxxxxxxxxxxx
In-reply-to: <68C666F2-5D61-4FE1-A4F3-6FC3D3C6C52D@medlabmg.com>
User-agent: Mutt/1.7.2 (2016-11-26)

Hi, Cesar!

On Dec 15, Cesar Hernandez wrote:
> 
> Thanks Sergei!
> 
> So the database is encrypted by using AES-128-CBC or AES-128-CRT, right?
> Can I use AES-256-CBC?

No. Each tablespace is encrypted with a different per-tablespace key.
This key is 128 bit. It's generated by encrypting a random 128-bit
nonce with the user-specified key.

So, if you specify a 256-bit key in the file_key_manager plugin,
this 256-bit key will be used to generate the 128-bit tablespace key.

The tablespace itself will be encrypted using the 128-bit key.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

References

About data encryption
From: Cesar Hernandez, 2017-12-14
Re: About data encryption
From: Sergei Golubchik, 2017-12-14