Hi, Honza!

On Jul 19, Honza Horak wrote:
> On 07/15/2016 11:31 AM, Sergei Golubchik wrote:
> >
> > On Jul 14, Honza Horak wrote:
> >> I've asked directly in the documentation page, but maybe someone will
> >> know answer here:
> >> https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#comment_2346
> >>
> >> In that article it is said that 128, 192 or 256-bit keys are
> >> supported, but later AES_CTR and AES_CBC modes talk only about
> >> 128bit keys. What piece of information am I missing?
> >
> > The article says "the plugin will use AES with the 128-bit keys in
> > the CTR mode for encrypting tablespace pages".
> >
> > Because tablespace pages are always encrypted with a 128-bit
> > tablespace key. Which is different for every tablespace and it is
> > generated from the user-specified key, which might be 128-, 192-, or
> > 256-bit.
> >
> > Temporary files and binary logs are encrypted directly with the
> > user-specified key of a user-specified length.
>
> Thanks for the answer, but one more question to make sure I understand
> it correctly -- in case of choosing CBC mode, 128 keys are used only
> for tablespace pages or also for temporary files and binary logs?

Depends on your keys that you've specified in a file. Say, if you've put
192-bit keys there, then 192-bit keys will be used to encrypt temporary
files and binary logs. And 192-bit key will be used to generate a 128-bit
tablespace key, which in turn will be used to encrypt a tablespace.

It does not depend on the mode, CBC or CTR.

Regards,
Sergei

