Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13386

Document how to create encryption keys for file_key_management plugin

    Details

      Description

      The documentation for the file_key_management plugin doesn't currently say how to generate encryption keys:

      https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management-plugin

      The correct command appears to be shown here:

      https://mariadb.com/resources/blog/table-and-tablespace-encryption-mariadb-101

      e.g.:

      > openssl enc -aes-256-ctr -k mylong2016secret@keyfor35fun -P -md sha1
      salt=9265402E0907A5D4
      key=55101B33D507041805AF49B95BBAE995B4218C5054D2DA2852C5F0042B837FC3
      iv =C7040FF9DB066043D16ADBEC4F18053F
      

      However, this more recent blog post from Pythian suggests a slightly different command:

      openssl enc -aes-256-cbc -P -md sha1
      

      https://www.pythian.com/blog/data-encryption-rest/

      We should clarify if a specific command is correct.

        Attachments

          Activity

            People

            • Assignee:
              greenman Ian Gilfillan
              Reporter:
              GeoffMontee Geoff Montee
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: