mirror of
https://github.com/MariaDB/server.git
synced 2025-11-10 23:02:54 +03:00
f6d4f624eb
This will change the InnoDB encrypted redo log format only. Unencrypted redo log will keep using the MariaDB 10.3 format. In the new encrypted redo log format, 4 additional bytes will be reserved in the redo log block trailer for storing the encryption key version. For performance reasons, the encryption key rotation (checking if the latest encryption key version is being used) is only done at log_checkpoint(). LOG_HEADER_FORMAT_CURRENT: Remove. LOG_HEADER_FORMAT_ENC_10_4: The encrypted 10.4 format. LOG_BLOCK_KEY: The encryption key version field. LOG_BLOCK_TRL_SIZE: Remove. log_t: Add accessors framing_size(), payload_size(), trailer_offset(), to be used instead of referring to LOG_BLOCK_TRL_SIZE. log_crypt_t: An operation passed to log_crypt(). log_crypt(): Perform decryption, encryption, or encryption with key rotation. Return an error if key rotation at decryption fails. On encryption, keep using the previous key if the rotation fails. At startup, old-format encrypted redo log may be written before the redo log is upgraded (rebuilt) to the latest format. log_write_up_to(): Add the parameter rotate_key=false. log_checkpoint(): Invoke log_write_up_to() with rotate_key=true.
27 lines
827 B
Plaintext
27 lines
827 B
Plaintext
create table t1(a serial) engine=innoDB;
|
|
set global innodb_encrypt_tables=ON;
|
|
show variables like 'innodb_encrypt%';
|
|
Variable_name Value
|
|
innodb_encrypt_log ON
|
|
innodb_encrypt_tables ON
|
|
innodb_encryption_rotate_key_age 2
|
|
innodb_encryption_rotation_iops 100
|
|
innodb_encryption_threads 4
|
|
select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 1;
|
|
count(*)
|
|
0
|
|
set global debug_key_management_version=10;
|
|
select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 10;
|
|
count(*)
|
|
0
|
|
SET GLOBAL debug_dbug = '+d,ib_log';
|
|
SET GLOBAL innodb_log_checkpoint_now = 1;
|
|
SET GLOBAL innodb_flush_log_at_trx_commit = 1;
|
|
INSERT INTO t1 VALUES(NULL);
|
|
set global innodb_encrypt_tables=OFF;
|
|
set global debug_key_management_version=1;
|
|
select * from t1;
|
|
a
|
|
1
|
|
drop table t1;
|