circle-info
Webinar | The Great Database Exodus: Navigating Strategic Risk in the Post-Oracle MySQL Era
Register Nowarrow-up-right
search
Download MariaDBContact Us

START_ENCRYPTION_EVENT

This event marks the beginning of encrypted data in the binary log, defining the encryption scheme and key version for subsequent events.

The START_ENCRYPTION event is written to every binary log file if encrypt_binlog is set to ON.

This event is written just once, after the Format Description event (which is the first event of a binlog file at pos 4).

The event has the 19 bytes event header with EventType set to value 164 (0xa4) + 17 bytes data.

hashtag
Header

  • Event type is 164 (0xa4).

hashtag
Fields

  • uint<1> The Encryption scheme, always set to 1 for system files.

  • uint<4> The Encryption key version.

  • byte<12> Nonce (12 random bytes) of current binlog file.

hashtag
Decryption of Following Events

All data of following events in the binlog file are encrypted, except for the event_length field.

The 16 byte encryption IV is generated from the 12 byte nonce (uint<12>) in the binlog plus the current position of the event being encrypted (uint<4>). This means the last four bytes of the IV change for every event and the first 12 bytes change for every binlog file.

Since the event_length is always unencrypted, the encrypted data block has to be modified before it can be decrypted:

  • Store event_length.

  • Copy the first four bytes (encrypted timestamp) to event_length position (offset=9).

  • Decrypt starting from offset 4 and store result at offset 4 of decrypted buffer.

The unencrypted block now also needs to be modified:

  • Move unencrypted timestamp value from offset 9 to the beginning (offset=0).

  • Store event_length at position 9.

hashtag
Complete example with CRC32 from a binary log.

hashtag
Header, 19 Bytes

  • timestamp [4] = b8 5f 5a 59 => 59 5a 5f b8 => 1499094968 [2017-07-03 17:16:08].

  • type [1} = a4 => 164.

  • server_id [4} = 5d 00 00 00 => 00 00 00 5d => 93.

  • event_size [4] = 28 00 00 00 => 00 00 00 28 => 40 [header + content + crc32(header + content)].

  • next_pos [4] = 21 01 00 00 => 00 00 01 21 => 289.

  • flags [2] = 00 00 => 0.

hashtag
Content, 17 Bytes

  • Enc scheme [1] = 01 => 1.

  • Enc key ver [4] = 01 00 00 00 => 00 00 00 01 => 1.

  • Nonce [12] = eWP&cY7F/;3#.

hashtag
CRC32, 4 bytes, of the Whole Event (Header[19] + Content[17])

  • 06 bb da 62 => 62 da bb 06 => 1658501894.

This page is licensed: CC BY-SA / Gnu FDL

spinner
PreviousROWS_EVENT_V1/V2, ROWS_COMPRESSED_EVENT_V1NextSTOP_EVENT

Last updated

Was this helpful?