Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9011

Redo log encryption does not work

    XMLWordPrintable

Details

    Description

      Hi,

      After setting up encryption I get this error in the log:
      2015-10-25 16:15:57 140276342356096 [ERROR] InnoDB: Redo log crypto: getting mysqld crypto key from key version failed. Reason could be that requested key_version 1 is not found or required encryption key management is not found.

      Tablespace encryption works:
      insert into test values('hello3');
      [root@DEV-SQLTEST2 mysql]# strings encrypted/test.ibd |grep hello3
      [root@DEV-SQLTEST2 mysql]# strings ib_logfile0 |grep hello3
      hello3
      ALTER TABLE test encrypted=NO;
      [root@DEV-SQLTEST2 mysql]# strings encrypted/test.ibd |grep hello3
      hello3

      Configuration about encryption:

      [mysqld]
      		 
      plugin-load-add = file_key_management.so
      		 
      file_key_management_filename = /etc/my.cnf.d/encryption
      		 
      file-key-management-encryption-algorithm=aes_ctr
      		 
       
      		 
      innodb-encrypt-tables = FORCE
      		 
      innodb-encrypt-log = ON
      		 
       
      		 
      aria-encrypt-tables = 1
      		 
      encrypt-binlog
      		 
      encrypt-tmp-disk-tables
      		 
      encrypt-tmp-files
      		 
      loose-innodb-encrypt-log
      		 
      loose-innodb-encrypt-tables

      Other server config:

      [mysqld]
      		 
      datadir = /var/lib/mysql
      		 
       
      		 
      innodb_buffer_pool_size = 1000M
      		 
       
      		 
      innodb_log_file_size = 128M
      		 
       
      		 
      default_storage_engine = InnoDB
      		 
       
      		 
      max_connect_errors = 999999
      		 
       
      		 
      max_connections = 100
      		 
       
      		 
      wait_timeout = 120
      		 
       
      		 
      interactive_timeout = 300
      		 
       
      		 
       
      		 
      performance_schema = ON
      		 
       
      		 
      long_query_time = 0.1
      		 
      slow_query_log = ON
      		 
      log_error = /var/log/mysql/mysql.err
      		 
      slow_query_log_file = /var/log/mysql/slow_query.log
      		 
      sql_error_log_filename = /var/log/mysql/sql_error.log
      		 
      plugin-load-add = sql_errlog.so
      		 
       
      		 
      log_bin
      		 
       
      		 
      innodb_read_io_threads = 4
      		 
      innodb_write_io_threads = 4
      		 
       
      		 
      innodb_buffer_pool_instances = 1
      		 
       
      		 
      innodb_io_capacity = 2000
      		 
       
      		 
       
      		 
      innodb_flush_method = O_DIRECT
      		 
       
      		 
      query_cache_type = OFF
      		 
      query_cache_size = 0

      Command to generate key:
      openssl enc -aes-256-ctr -k testEncryption -P -md sha1

      Keys file /etc/my.cnf.d/encryption:

      #test
      		 
      1;36D6CB74CA7D4586CCC7261E174079CC5639E5F681D500ADFA887C165AD49301

      Let me know if you need any more info.

      Cheers,
      Michael

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-11782 Redefine the innodb_encrypt_log format

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jplindst Jan Lindström (Inactive)
              michaeldg Michaël de groot
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.