Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
10.5, 10.2(EOL), 10.3(EOL), 10.4(EOL)
Description
Relevant Configuration in mariadb.cnf:
[mysqld]
|
plugin_load_add = file_key_management
|
file_key_management_filename = /etc/mysql/keys/enc_key.enc
|
file_key_management_filekey = FILE:/etc/mysql/keys/enc_passwd.key
|
file_key_management_encryption_algorithm = AES_CBC
|
MariaDB [(none)]> show plugins soname 'file_key_management.so';
|
+---------------------+---------------+------------+------------------------+---------+
|
| Name | Status | Type | Library | License |
|
+---------------------+---------------+------------+------------------------+---------+
|
| file_key_management | NOT INSTALLED | ENCRYPTION | file_key_management.so | GPL |
|
+---------------------+---------------+------------+------------------------+---------+
|
Error log:
Apr 6 03:29:43 localhost mariadbd[27605]: 2021-04-06 3:29:43 0 [ERROR] mariadbd: Cannot decrypt /etc/mysql/keys/enc_key.enc. Wrong key?
|
Apr 6 03:29:43 localhost mariadbd[27605]: 2021-04-06 3:29:43 0 [ERROR] Plugin 'file_key_management' init function returned error.
|
Apr 6 03:29:43 localhost mariadbd[27605]: 2021-04-06 3:29:43 0 [ERROR] Plugin 'file_key_management' registration as a ENCRYPTION failed.
|
After hours of trying different things, it turned out that the key was too long (I'd inadvertently used 512 characters). Recreated the file_key_management_filename and file_key_management_filekey using a 256 character key and it all worked fine.
I suggest checking the length (if not already happening) and then issuing a more helpful error like "Cannot decrypt <file_key_management_filename>. <file_key_management_filekey> has incorrect length"
This would have helped me realise where the error was (ie between chair and keyboard) and would have taken less than a minute to address.