Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13386

Document how to create encryption keys for file_key_management plugin

    XMLWordPrintable

Details

    Description

      The documentation for the file_key_management plugin doesn't currently say how to generate encryption keys:

      https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management-plugin

      The correct command appears to be shown here:

      https://mariadb.com/resources/blog/table-and-tablespace-encryption-mariadb-101

      e.g.:

      > openssl enc -aes-256-ctr -k mylong2016secret@keyfor35fun -P -md sha1
      		 
      salt=9265402E0907A5D4
      		 
      key=55101B33D507041805AF49B95BBAE995B4218C5054D2DA2852C5F0042B837FC3
      		 
      iv =C7040FF9DB066043D16ADBEC4F18053F

      However, this more recent blog post from Pythian suggests a slightly different command:

      openssl enc -aes-256-cbc -P -md sha1

      https://www.pythian.com/blog/data-encryption-rest/

      We should clarify if a specific command is correct.

      Attachments

        Activity

          People

            greenman Ian Gilfillan
            GeoffMontee Geoff Montee (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.