Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13387

Document correct format for encryption keys used by file_key_management plugin

    XMLWordPrintable

Details

    Description

      The documentation currently says that the following format is used by file_key_management plugin:

      The key file contains encryption keys identifiers (32-bit numbers) and hex-encoded encryption keys, separated by a semicolon. 128, 192 or 256-bit keys are supported. Comments start from the hash character. An example key file entry:
       
      # this is a comment
      1;770A8A65DA156D24EE2A093277530142
      18;F5502320F8429037B8DAEF761B189D12F5502320F8429037B8DAEF761B189D12
      

      https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management_filename

      However, this more recent blog post from Pythian says that the IV needs to be included, in addition to the key:

       
      Sample output:
      ...
      key=AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
      iv =C6A3F3625D420BD19AF04CEB9DA2D89B
      Sample contents of keys.txt using that output:
      1;C6A3F3625D420BD19AF04CEB9DA2D89B;AD2F01FD1D496F6A054E3D19B79815D0F6DE82C49E105D63E1F467912E2F0B95
      

      https://www.pythian.com/blog/data-encryption-rest/

      If the IV is required, then we should specify that.

      Attachments

        Activity

          People

            greenman Ian Gilfillan
            GeoffMontee Geoff Montee (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.