Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Not a Bug
-
10.5, 10.6, 10.11, 11.4, 11.8, 12.0
Description
$ cat keyfile |
1;d2826644f7ce1fadbb11534b062618e100a3e8a3eea671faaffd7cb20196829d
|
2;a1ecfbe7b6118151200e28d10c496fae6f8b48665c5ae040f82242b4cd66f280
|
Then start a server with a fresh data dir with:
# Update path as needed
|
--plugin-load-add=file_key_management.so --file-key-management-filename="${PWD}/keyfile" |
Then execute:
SET SESSION innodb_default_encryption_key_id=1; |
SET GLOBAL innodb_encrypt_tables=ON; |
CREATE TABLE t1 (c INT) ENGINE=InnoDB; |
|
|
SET SESSION innodb_default_encryption_key_id=2; |
SET GLOBAL innodb_encrypt_tables=OFF; |
SELECT @@GLOBAL.innodb_encrypt_tables; # Confirmed off (and there is no @@SESSION.innodb_encrypt_tables var) |
CREATE TABLE t2 (c INT) ENGINE=InnoDB; |
|
|
SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 't%'; |
Stop the server and observe that ENCRYPTION_KEY_ID 2 was used:
$ grep --binary-files=text -o 'ENCRYPTION_KEY_ID...' data/test/t2.frm
|
ENCRYPTION_KEY_ID2
|
This should not be the case as innodb_encrypt_tables was set to OFF.
Additionally, the SELECT query reports only t1 to be using encryption:
|
CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Optimized) Build 15/02/2025 |
11.8.1-opt>SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 't%';
|
+---------+-------------------+----------------+
|
| NAME | ENCRYPTION_SCHEME | CURRENT_KEY_ID |
|
+---------+-------------------+----------------+
|
| test/t1 | 1 | 1 |
|
+---------+-------------------+----------------+
|
Present in 10.5-12.0
Attachments
Issue Links
- relates to
-
-
- Closed
-