Comments - Data-at-Rest Encryption Overview
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
Ok, found a (slightly cryptic) explanation here, on slide 18, under 4.
http://www.slideshare.net/AmazonWebServices/encryption-and-key-management-in-aws
The cipherblob we get with GenerateDataKey and store on disk, actually contains encrypted master key id + datakey.