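MySQL Encryption: Using the Master Key

Ahead of the start of a new run of the "Databases" course, we continue publishing a series of articles on MySQL encryption.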


( MySQL: ) . , (master key), (envelope encryption). 

, ( ) ( , master key). . :

(master key) (keyring), - ( 0 ). 

:

  • A 1 (Key 1). 1 (master key) A.

  • B 2 (Key 2). 2 (master key) B.

  • .

A, , 1 A 1. 1 A.

InnoDB

InnoDB -. , .

InnoDB . (file-per-table tablespace). , , . (general tablespace). - . , , . . 

- file-per-table, (system tablespace). Percona Server for MySQL innodb_sys_tablespace_encrypt (encryption threads), . MySQL .

, (master key ID). UUID, KEYID "INNODBKey". : INNODBKey-UUID-KEYID.

UUID - uuid . KEYID - . KEYID 1. , , KEYID = 2 . .

, , , . , . :

KEY ID - KEYID , . UUID - uuid , . TABLESPACE KEY - , 256 , .    (IV, initialization vector) 256 ( 128 ). IV AES ( 256 128). CRC32 TABLESPACE KEY IV.

, , . , . , , CRC32.

CRC32?

, . , CRC32, . , . ( ).

: ? - .   / UUID, KEYID . (keyring), . , , , - .

( MySQL: ), , , , , , , key id user id, . , , . , , keyid userid, ? . . , . , , , , .

. , ( ), . , , . .

: tablespace_key, . . ? , MySQL , core-. core- , , . , , . , , root- . . root . - , / , root. , , / core- . TDE , , . Percona Server for MySQL . (encryption threads) .



:



