[MDEV-16151] MacOS 10.2.14 file key management issue - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Not a Bug
Affects Version/s: 10.2.14
Fix Version/s: N/A
Component/s: Configuration, Encryption, Plugins
Labels:
- encryption
- key_management
Environment:
Mac OS High Sierra 10.13.4

Description

I've been trying to set-up Key File Management and Encryption for an installation on a MacOS as detailed in this KB: https://mariadb.com/kb/en/library/encryption-key-management/

However, I get the following error in my error log:

2018-05-12 15:40:48 140735727108992 [ERROR] mysqld: Syntax error at /etc/mysql/keys.enc line 1, column 3

2018-05-12 15:40:48 140735727108992 [ERROR] Plugin 'file_key_management' init function returned error.

2018-05-12 15:40:48 140735727108992 [ERROR] Plugin 'file_key_management' registration as a ENCRYPTION failed.

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Uses event mutexes

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Compressed tables use zlib 1.2.11

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Number of pools: 1

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Using SSE2 crc32 instructions

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Completed initialization of buffer pool

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Highest supported file format is Barracuda.

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: 128 out of 128 rollback segments are active.

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Creating shared tablespace for temporary tables

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: File './ibtmp1' size is now 12 MB.

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: Waiting for purge to start

2018-05-12 15:40:48 140735727108992 [Note] InnoDB: 5.7.21 started; log sequence number 1641829

2018-05-12 15:40:48 123145503780864 [Note] InnoDB: Loading buffer pool(s) from /usr/local/var/mysql/ib_buffer_pool

2018-05-12 15:40:48 123145503780864 [Note] InnoDB: Buffer pool(s) load completed at 180512 15:40:48

2018-05-12 15:40:48 140735727108992 [Note] Plugin 'FEEDBACK' is disabled.

2018-05-12 15:40:48 140735727108992 [Note] Server socket created on IP: '::'.

2018-05-12 15:40:48 140735727108992 [Note] Reading of all Master_info entries succeded

2018-05-12 15:40:48 140735727108992 [Note] Added new Master_info '' to hash table

2018-05-12 15:40:48 140735727108992 [Note] /usr/local/opt/mariadb/bin/mysqld: ready for connections.

Version: '10.2.14-MariaDB'  socket: '/tmp/mysql.sock'  port: 3306  Homebrew

MariaDB version

mysql -V

mysql  Ver 15.1 Distrib 10.2.14-MariaDB, for osx10.13 (x86_64) using readline 5.1

Files

.key contains the plaintext password
keys Generated as: openssl rand -hex 16 >> /etc/mysql/keys
keys.enc Generated as: openssl enc -aes-256-cbc -md sha1 -k mypassword -in /etc/mysql/keys -out /etc/mysql/keys.enc

Checked key decrypts

openssl aes-256-cbc -d -md sha1 -k mypassword -in keys.enc

64f03bbef774fa3519f0e923f9cac460

Key files

/etc/mysql/

-rw-r--r--   1 ks27  admin     8 12 May 15:17 .key

-rw-r--r--   1 ks27  admin    33 12 May 14:36 keys

-rw-r--r--   1 ks27  admin    64 12 May 15:33 keys.enc

/etc/my.cnf

[server]

ssl

ssl-ca=/etc/mysql/ssl/ca-cert.pem

ssl-cert=/etc/mysql/ssl/server-cert.pem

ssl-key=/etc/mysql/ssl/server-key.pem

[mysqld]

# File Key Management

plugin_load_add=file_key_management

file_key_management_filename=/etc/mysql/keys.enc

file_key_management_filekey=FILE:/etc/mysql/.key

file_key_management_encryption_algorithm=aes_cbc

# InnoDB/XtraDB Encryption

#innodb_encrypt_tables = ON

#innodb_encrypt_log = ON

#innodb_encryption_threads = 8

#innodb_encryption_rotate_key_age = 5

# encrypt_binlog

[mysql]

## MySQL Client Configuration ##

ssl-ca=/etc/mysql/ssl/ca-cert.pem

ssl-cert=/etc/mysql/ssl/client-cert.pem

ssl-key=/etc/mysql/ssl/client-key.pem

### This option is disabled by default ###

### ssl-verify-server-cert ###

# This group is read both both by the client and the server

# use it for options that affect everything

[client-server]

# include all files from the config directory

!includedir /usr/local/etc/my.cnf.d

mariadb_config

mariadb_config

Copyright 2011-2015 MariaDB Corporation AB

Get compiler flags for using the MariaDB Connector/C.

Usage: mariadb_config [OPTIONS]

  --cflags        [-I/usr/local/Cellar/mariadb/10.2.14/include/mysql -I/usr/local/Cellar/mariadb/10.2.14/include/mysql/mysql]

  --include       [-I/usr/local/Cellar/mariadb/10.2.14/include/mysql -I/usr/local/Cellar/mariadb/10.2.14/include/mysql/mysql]

  --libs          [-L/usr/local/Cellar/mariadb/10.2.14/lib/ -lmariadb -lz -liconv -lssl -lcrypto]

  --libs_r        [-L/usr/local/Cellar/mariadb/10.2.14/lib/ -lmariadb -lz -liconv -lssl -lcrypto]

  --libs_sys      [-lz -liconv -lssl -lcrypto]

  --version       [10.2.14]

  --cc_version    [3.0.4]

  --socket        [/tmp/mysql.sock]

  --port          [3306]

  --plugindir     [/usr/local/Cellar/mariadb/10.2.14/lib/plugin]

  --tlsinfo       [OpenSSL 1.0.2o]

plugins

ls -la /usr/local/Cellar/mariadb/10.2.14/lib/plugin

total 27976

drwxr-xr-x  48 ks27  admin     1536 26 Mar 17:41 .

drwxr-xr-x  11 ks27  admin      352 26 Mar 17:41 ..

-r--r--r--   1 ks27  admin    19192 26 Mar 17:41 JavaWrappers.jar

-r--r--r--   1 ks27  admin     7567 26 Mar 17:41 JdbcInterface.jar

-r--r--r--   1 ks27  admin     9244 26 Mar 17:41 adt_null.so

-r--r--r--   1 ks27  admin     8648 26 Mar 17:41 auth_0x0100.so

-r--r--r--   1 ks27  admin    69516 26 Mar 17:41 auth_ed25519.so

-r--r--r--   1 ks27  admin    15480 26 Mar 17:41 auth_gssapi.so

-r--r--r--   1 ks27  admin    13584 26 Mar 17:41 auth_gssapi_client.so

-r--r--r--   1 ks27  admin    13540 26 Mar 17:41 auth_pam.so

-r--r--r--   1 ks27  admin     8900 26 Mar 17:41 auth_socket.so

-r--r--r--   1 ks27  admin     8960 26 Mar 17:41 auth_test_plugin.so

-r--r--r--   1 ks27  admin    68396 11 May 12:43 client_ed25519.so

-r--r--r--   1 ks27  admin      227 26 Mar 17:41 daemon_example.ini

-r--r--r--   1 ks27  admin     8776 26 Mar 17:41 debug_key_management.so

-r--r--r--   1 ks27  admin     9440 26 Mar 17:41 dialog.so

-r--r--r--   1 ks27  admin     8704 26 Mar 17:41 dialog_examples.so

-r--r--r--   1 ks27  admin    13776 26 Mar 17:41 example_key_management.so

-r--r--r--   1 ks27  admin    20752 26 Mar 17:41 file_key_management.so

-r--r--r--   1 ks27  admin    53608 26 Mar 17:41 ha_archive.so

-r--r--r--   1 ks27  admin    26628 26 Mar 17:41 ha_blackhole.so

-r--r--r--   1 ks27  admin  1025456 26 Mar 17:41 ha_connect.so

-r--r--r--   1 ks27  admin    27588 26 Mar 17:41 ha_example.so

-r--r--r--   1 ks27  admin    53944 26 Mar 17:41 ha_federated.so

-r--r--r--   1 ks27  admin    78228 26 Mar 17:41 ha_federatedx.so

-r--r--r--   1 ks27  admin  5291956 26 Mar 17:41 ha_mroonga.so

-r--r--r--   1 ks27  admin  6135712 26 Mar 17:41 ha_rocksdb.so

-r--r--r--   1 ks27  admin    93764 26 Mar 17:41 ha_sphinx.so

-r--r--r--   1 ks27  admin   728264 26 Mar 17:41 ha_spider.so

-r--r--r--   1 ks27  admin    25016 26 Mar 17:41 ha_test_sql_discovery.so

-r--r--r--   1 ks27  admin   109996 26 Mar 17:41 handlersocket.so

-r--r--r--   1 ks27  admin    14040 26 Mar 17:41 libdaemon_example.so

-r--r--r--   1 ks27  admin    13192 26 Mar 17:41 locales.so

-r--r--r--   1 ks27  admin    13724 26 Mar 17:41 metadata_lock_info.so

-r--r--r--   1 ks27  admin     9300 26 Mar 17:41 mypluglib.so

-r--r--r--   1 ks27  admin     8480 26 Mar 17:41 mysql_clear_password.so

-r--r--r--   1 ks27  admin     8472 26 Mar 17:41 qa_auth_client.so

-r--r--r--   1 ks27  admin     8880 26 Mar 17:41 qa_auth_interface.so

-r--r--r--   1 ks27  admin     8648 26 Mar 17:41 qa_auth_server.so

-r--r--r--   1 ks27  admin    13952 26 Mar 17:41 query_cache_info.so

-r--r--r--   1 ks27  admin    14792 26 Mar 17:41 query_response_time.so

-r--r--r--   1 ks27  admin    37024 26 Mar 17:41 semisync_master.so

-r--r--r--   1 ks27  admin    16360 26 Mar 17:41 semisync_slave.so

-r--r--r--   1 ks27  admin    41872 26 Mar 17:41 server_audit.so

-r--r--r--   1 ks27  admin    13644 11 May 12:43 sha256_password.so

-r--r--r--   1 ks27  admin     9196 26 Mar 17:41 simple_password_check.so

-r--r--r--   1 ks27  admin     9348 26 Mar 17:41 sql_errlog.so

-r--r--r--   1 ks27  admin    14044 26 Mar 17:41 wsrep_info.so

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Kevin Smith

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2018-05-12 14:58

Updated:: 2018-06-01 16:30

Resolved:: 2018-06-01 16:30

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.