Re: [Maria-developers] Rotating from encry
Hi Jan,
1) rotating encrypted => unencrypted is definitely supported,
in my latest version the TODO is removed...(hope you have a recent enough
version)
2) Thanks! for testcase, it did indeed reveal a bug with the "encrypted =>
unencrypted => encrypted" sequence
attaching fix.
Let me know it fixes your version of testcase (i've used a modified version
since e.g we don't have per table settings...)
/Jonas
On Fri, May 15, 2015 at 1:23 PM, Jan Lindström
Hi,
At fil0crypt.cc there is
fil_crypt_needs_rotation(uint key_version, const key_state_t *key_state) { // TODO(jonaso): Add support for rotating encrypted => unencrypted
if (key_version == 0 && key_state->key_version != 0) { /* this is rotation unencrypted => encrypted * ignore rotate_key_age */ return true; }
Thus to me it is not clear is the support for rotating encrypted => unencrypted really missing or not and furthermore, see attached test case for this,
encrypted + insert + grep : ok encrypted => unencrypted + grep: ok unencrypted => encrypted + grep: not ok
R: Jan
participants (1)
-
Jonas Oreland