Hi All,
Been playing with encryption in 10.1.4 today and there’s a few issues…
Firstly the
manual gives the following example…
“Example my.cnf to enable XtraDB encryption:
[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4”
But doesn’t make mention of the fact you need to add..
plugin-load-add=file_key_management.so
for this to work.
Secondly…
With this config..
“plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
file_key_management_filekey = FILE:/home/rcampbel/keyfile.txt
file_key_management_encryption_algorithm = AES_CBC
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads = 4”
I receive the following error…
ERROR Innodb: Tablespace id 0 encrypted but encryption service not available. Can’t continue opening tablespace.”
Then if I comment out inndob-encrypt-tables we get a step further but it complains..
“unknown option –innodb-encrypt-logs” <- documentation for
10.1.4 says different
If I change this to…
innodb-encrypt-log
The server then starts up successfully. Here’s a snip of some relevant variables…
After this I do seem to be able to dynamically set innodb_encrypt_tables and create an encrypted table…
Side note file_key_management_plugin.so is missing from the 10.1.3 .tar.gz bundles
Rhys Campbell
Database Administrator
TradingScreen, Inc.
23 York House, 5th Floor
London WC2B 6UJ
Email:
rhys.campbell@tradingscreen.com
Follow TradingScreen on
Twitter ,
Facebook and our blog
Trading Smarter
This message is intended only for the recipient(s) named above and may contain confidential information. If you
are not an intended recipient, you should not review, distribute or copy this message. Please notify the sender immediately by e-mail if you have received this message in error and delete it from your system.