Details

      Description

      Hi,

      After setting up encryption I get this error in the log:
      2015-10-25 16:15:57 140276342356096 [ERROR] InnoDB: Redo log crypto: getting mysqld crypto key from key version failed. Reason could be that requested key_version 1 is not found or required encryption key management is not found.

      Tablespace encryption works:
      insert into test values('hello3');
      [root@DEV-SQLTEST2 mysql]# strings encrypted/test.ibd |grep hello3
      [root@DEV-SQLTEST2 mysql]# strings ib_logfile0 |grep hello3
      hello3
      ALTER TABLE test encrypted=NO;
      [root@DEV-SQLTEST2 mysql]# strings encrypted/test.ibd |grep hello3
      hello3

      Configuration about encryption:

      [mysqld]
      plugin-load-add = file_key_management.so
      file_key_management_filename = /etc/my.cnf.d/encryption
      file-key-management-encryption-algorithm=aes_ctr
       
      innodb-encrypt-tables = FORCE
      innodb-encrypt-log = ON
       
      aria-encrypt-tables = 1
      encrypt-binlog
      encrypt-tmp-disk-tables
      encrypt-tmp-files
      loose-innodb-encrypt-log
      loose-innodb-encrypt-tables

      Other server config:

      [mysqld]
      datadir = /var/lib/mysql
       
      innodb_buffer_pool_size = 1000M
       
      innodb_log_file_size = 128M
       
      default_storage_engine = InnoDB
       
      max_connect_errors = 999999
       
      max_connections = 100
       
      wait_timeout = 120
       
      interactive_timeout = 300
       
       
      performance_schema = ON
       
      long_query_time = 0.1
      slow_query_log = ON
      log_error = /var/log/mysql/mysql.err
      slow_query_log_file = /var/log/mysql/slow_query.log
      sql_error_log_filename = /var/log/mysql/sql_error.log
      plugin-load-add = sql_errlog.so
       
      log_bin
       
      innodb_read_io_threads = 4
      innodb_write_io_threads = 4
       
      innodb_buffer_pool_instances = 1
       
      innodb_io_capacity = 2000
       
       
      innodb_flush_method = O_DIRECT
       
      query_cache_type = OFF
      query_cache_size = 0

      Command to generate key:
      openssl enc -aes-256-ctr -k testEncryption -P -md sha1

      Keys file /etc/my.cnf.d/encryption:

      #test
      1;36D6CB74CA7D4586CCC7261E174079CC5639E5F681D500ADFA887C165AD49301

      Let me know if you need any more info.

      Cheers,
      Michael

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jplindst Jan Lindström
                Reporter:
                michaeldg Michaël de groot
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: