  1. MariaDB Server
  2. MDEV-13387

Document correct format for encryption keys used by file_key_management plugin

      Description

      The documentation currently says that the following format is used by the file_key_management plugin:

      The key file contains encryption keys identifiers (32-bit numbers) and hex-encoded encryption keys, separated by a semicolon. 128, 192 or 256-bit keys are supported. Comments start from the hash character. An example key file entry:
       
      # this is a comment
      1;770A8A65DA156D24EE2A093277530142
      18;F5502320F8429037B8DAEF761B189D12F5502320F8429037B8DAEF761B189D12
      

      https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management_filename

      However, this more recent blog post from Pythian says that the IV needs to be included, in addition to the key:

       
      Sample output:
      ...
      key=AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
      iv =C6A3F3625D420BD19AF04CEB9DA2D89B
      Sample contents of keys.txt using that output:
      1;C6A3F3625D420BD19AF04CEB9DA2D89B;AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
      

      https://www.pythian.com/blog/data-encryption-rest/

      If the IV is required, then we should specify that.
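
A key-file audit for the two layouts contrasted above, as an added example that is not part of the original issue or of MariaDB's code. It reports whether each entry matches the documented `<id>;<key>` form or the `<id>;<iv>;<key>` form from the blog post, and assumes that `#` starts a comment anywhere on a line, that blank lines are ignored, and that the IV is always 128 bits as in the blog sample.

```python
import re

KEY_BITS = {128, 192, 256}   # key sizes the documentation lists
IV_BITS = 128                # assumption: IV length seen in the blog post's sample
ID_RE = re.compile(r"[0-9]{1,10}")
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def hex_bits(field):
    """Bit length of a hex-encoded field, or None if it is not whole hex bytes."""
    return len(field) * 4 if HEX_RE.fullmatch(field) else None

def classify_line(line):
    """Return (kind, detail); kind is 'skip', 'documented', 'with_iv' or 'invalid'."""
    body = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment anywhere
    if not body:
        return ("skip", None)
    fields = body.split(";")
    if not ID_RE.fullmatch(fields[0]) or int(fields[0]) >= 2**32:
        return ("invalid", "identifier is not a 32-bit number")
    key_id = int(fields[0])
    if len(fields) == 2:
        bits = hex_bits(fields[1])
        if bits in KEY_BITS:
            return ("documented", (key_id, bits))
        return ("invalid", "key is not 128, 192 or 256 bits of hex")
    if len(fields) == 3:
        if hex_bits(fields[1]) == IV_BITS and hex_bits(fields[2]) in KEY_BITS:
            return ("with_iv", (key_id, hex_bits(fields[2])))
        return ("invalid", "three fields, but not <id>;<128-bit iv>;<key>")
    return ("invalid", "expected 2 or 3 semicolon-separated fields")

def audit(text):
    """Return [(line_number, kind, detail)] for every non-comment, non-blank line."""
    rows = ((n, *classify_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [r for r in rows if r[1] != "skip"]

# Entries quoted in the issue, plus one constructed line with a truncated key.
SAMPLE = """\
# this is a comment
1;770A8A65DA156D24EE2A093277530142
18;F5502320F8429037B8DAEF761B189D12F5502320F8429037B8DAEF761B189D12
1;C6A3F3625D420BD19AF04CEB9DA2D89B;AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
2;770A8A65DA156D24
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A file that mixes `documented` and `with_iv` entries was probably written against two different descriptions of the format and should be checked against the server version in use.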

            People

            • Assignee:
              greenman Ian Gilfillan
              Reporter:
              GeoffMontee Geoff Montee