Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
Description
The documentation currently says that the following format is used by file_key_management plugin:
The key file contains encryption keys identifiers (32-bit numbers) and hex-encoded encryption keys, separated by a semicolon. 128, 192 or 256-bit keys are supported. Comments start from the hash character. An example key file entry:
|
 |
# this is a comment
|
1;770A8A65DA156D24EE2A093277530142
|
18;F5502320F8429037B8DAEF761B189D12F5502320F8429037B8DAEF761B189D12
|
https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management_filename
However, this more recent blog post from Pythian says that the IV needs to be included, in addition to the key:
|
Sample output:
|
...
|
key=AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
|
iv =C6A3F3625D420BD19AF04CEB9DA2D89B
|
Sample contents of keys.txt using that output:
|
1;C6A3F3625D420BD19AF04CEB9DA2D89B;AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
|
https://www.pythian.com/blog/data-encryption-rest/
If the IV is required, then we should specify that.