Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8589

Non-default ENCRYPTION_KEY_ID is ignored upon reading a table

Details

    • 10.1.7-2

    Description

      • create a table with ENCRYPTION_KEY_ID=2 (a valid key in the keys file);
      • insert data into the table;
      • restart server with a different keys file, where key 2 is different or is absent at all;
      • try to read the table =>
        it returns the data.

      I would expect that the table would not be readable.
      Note: maybe I just don't understand how it meant to work, but it does not look right.

      Test case

      		 
      -- source include/have_innodb.inc
      		 
       
      		 
      --echo
      		 
      --echo # Start server with keys2.txt
      		 
      -- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt --plugin-load-add=file_key_management --innodb-encrypt-log
      		 
      -- source include/restart_mysqld.inc
      		 
       
      		 
      CREATE TABLE t1 (c VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;
      		 
      INSERT INTO t1 VALUES ('foobar');
      		 
       
      		 
      --echo
      		 
      --echo # Restart server with keys3.txt
      		 
      -- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys3.txt --plugin-load-add=file_key_management --innodb-encrypt-log
      		 
      -- source include/restart_mysqld.inc
      		 
       
      		 
      SELECT * FROM t1;
      		 
       
      		 
      --echo
      		 
      --echo # Old keys file
      		 
      --cat_file $MYSQL_TEST_DIR/std_data/keys2.txt
      		 
      --echo
      		 
      --echo # New keys file
      		 
      --cat_file $MYSQL_TEST_DIR/std_data/keys3.txt
      		 
       
      		 
      --echo # KEY 2 values are different ^^^^
      		 
       
      		 
      DROP TABLE t1;

      Output

      		 
      # Start server with keys2.txt
      		 
      CREATE TABLE t1 (c VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;
      		 
      INSERT INTO t1 VALUES ('foobar');
      		 
       
      		 
      # Restart server with keys3.txt
      		 
      SELECT * FROM t1;
      		 
      c
      		 
      foobar
      		 
       
      		 
      # Old keys file
      		 
      1;593E580927F47AB530D3B1237CDEF6D6
      		 
      2;352E42F1B9DB5CB915C3262FE745520A
      		 
      3;CFE065600F5EB57481075C65180C3F8A
      		 
      4;205379930183490D3BECA139BDF4DB5B
      		 
      5;E2D944D5D837A1DCB22FF7FD397892EE
      		 
      6;BAFE99B0BB87F2CD33A6AF26A11F6BD1
      		 
       
      		 
      # New keys file
      		 
      1;593E580927F47AB530D3B1237CDEF6D6
      		 
      2;E4B00A45BF775B4E07D634EC5CA5912B
      		 
      3;6E35ACB162B29D1FB9E178021DAF16ED
      		 
      4;971A664A88EE0022D408E40BFAB17E79
      		 
      5;C4FF86FD89879380DA97EAC0BA3057B7
      		 
      6;BAFE99B0BB87F2CD33A6AF26A11F6BD1
      		 
       
      		 
      # KEY 2 values are different ^^^^
      		 
      DROP TABLE t1;

      Attachments

        Activity

          People

            jplindst Jan Lindström (Inactive)
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.