Hi, Honza! On Jul 14, Honza Horak wrote:
I've asked directly in the documentation page, but maybe someone will know answer here: https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#comment_2346
In that article it is said that 128, 192 or 256-bit keys are supported, but later AES_CTR and AES_CBC modes talk only about 128bit keys. What piece of information am I missing?
The article says "the plugin will use AES with the 128-bit keys in the CTR mode for encrypting tablespace pages". Because tablespace pages are always encrypted with a 128-bit tablespace key. Which is different for every tablespace and it is generated from the user-specified key, which might be 128-, 192-, or 256-bit. Temporary files and binary logs are encrypted directly with the user-specified key of a user-specified length. Regards, Sergei Chief Architect MariaDB and security@mariadb.org