Comments - Encryption Key Management

6 years, 8 months ago Marco Banfi

There is a small typo:

# openssl enc -aes-256-cbc -md sha11 -k your_passwd \
      -in /etc/mysql/keys -out /etc/mysql/keys.enc

Should be:

# openssl enc -aes-256-cbc -md sha1 -k your_passwd \
      -in /etc/mysql/keys -out /etc/mysql/keys.enc

sha11 doesn't exist.

 
6 years, 8 months ago Kenneth Dyer

Fixed. Much obliged.

 
6 years, 7 months ago Marco Banfi

Thanks to you. BTW: Maybe I spotted another one while trying to use the instructions (I can't manage to load file_management_plugin from .cnf file... sigh).

The config sample uses:

file_key_management_encryption

while the variable should be:

file_key_management_encryption_algorithm

either one or the other is wrong (which one?)

 
6 years, 7 months ago Zbigniew Szmigiero

file_key_management_encryption_algorithm - works for me

you need also install plugin using SQL command:

install plugin FILE_KEY_MANAGEMENT soname 'file_key_management';

The plugin installation will work is configuration is correct - the errors will describe where the potential mistake appears.

 
6 years, 7 months ago Marco Banfi

Thanks.

The *_algorithm is the right one, I've already managed to make it work. There was a problem of file rights (the files where only root readable, but the mysqld switched to mysql before reading).

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.