[Maria-discuss] About data encryption
Hi

Can someone tell me which algorithm MariaDB uses when using table encryption?

Looking at https://mariadb.com/kb/en/library/data-at-rest-encryption/

Seems to talk only about encryption of the key file, but not about the database data.

I've been looking for a while and haven't found complete documentation about it. I've even taken a look at the MariaDB source code, in the file /storage/innobase/fil/fil0crypt.cc

Seems the encryption is done by the AES algorithm, but I'm not sure, and I don't know the key size nor the mode of operation.

Thanks
Cesar

Hi, Cesar!

On Dec 14, Cesar Hernandez wrote:
> Hi
>
> Can someone tell me which algorithm MariaDB uses when using table encryption?
> Looking at https://mariadb.com/kb/en/library/data-at-rest-encryption/
> Seems to talk only about encryption of the key file, but not about the database data.

Not really, the manual talks about the data. Let me quote it here:

  The file_key_management_encryption_algorithm can be set to AES_CBC or AES_CTR. AES_CTR is not always available (only if MariaDB was built with recent OpenSSL) but in case it is available, we recommend to use it.

  If set to AES_CBC, the plugin will use AES with 128-bit keys in the CBC mode. If set to AES_CTR, the plugin will use AES with the 128-bit keys in the CTR mode for encrypting tablespace pages (InnoDB, XtraDB, and Aria), and it will use AES in the authenticated GCM mode for temporary files (where the cyphertext is allowed to be larger than the plaintext).

See? "will use AES with the 128-bit keys in the CTR mode for encrypting tablespace pages" - that is database data.

Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org

participants (2)
- Cesar Hernandez
- Sergei Golubchik
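
The option quoted from the manual in the reply above, shown in a server configuration file. This is an added example, not part of the thread or of MariaDB's documentation; the two key file paths are assumed placeholders.

```ini
[mariadb]
# Load the key management plugin that the quoted manual text describes.
plugin_load_add = file_key_management

# Assumed placeholder paths: the encrypted key file, and the file holding
# the passphrase used to decrypt it at server start.
file_key_management_filename = /etc/mysql/encryption/keyfile.enc
file_key_management_filekey  = FILE:/etc/mysql/encryption/keyfile.key

# AES_CBC: AES in CBC mode.
# AES_CTR: AES in CTR mode for tablespace pages (InnoDB, XtraDB, Aria) and
#          AES in authenticated GCM mode for temporary files.
# AES_CTR is only available when the server was built against an OpenSSL
# that provides it, as the manual text quoted above notes.
file_key_management_encryption_algorithm = AES_CTR

# Encrypt the database data itself, not just the key file.
innodb_encrypt_tables = ON
innodb_encrypt_log    = ON
aria_encrypt_tables   = ON
encrypt_tmp_files     = ON

# To confirm which algorithm the running server picked up:
#   SHOW GLOBAL VARIABLES LIKE 'file_key_management_encryption_algorithm';
```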