MySQL 8.0.39
Source Code Documentation
This file includes the major components for encrypting/decrypting binary log files.
#include <openssl/evp.h>
#include <sql/stream_cipher.h>
#include <stdint.h>
#include <map>
#include <string>
#include "my_inttypes.h"
Classes
class Rpl_encryption
    The Rpl_encryption class is the container for the binlog encryption feature generic and server instance functions.
struct Rpl_encryption::Rpl_encryption_key
class Rpl_encryption_header
    This is the base class to serialize and deserialize a replication log file encryption header.
class Rpl_encryption_header_v1
Variables
Rpl_encryption rpl_encryption
Replication logs
Here, replication logs include both the binary and relay log files.
File Level Encryption
There is an encryption header at the beginning of each encrypted replication log file.
+--------------------+
| Encryption Header  |
+--------------------+
| Encrypted Data     |
+--------------------+
The encrypted replication file header includes the information necessary to decrypt the encrypted data of the file (the standard binary log file data). For details, see the Rpl_encryption_header class.
Two Tier Keys
Replication logs are encrypted with two-tier keys: a 'File Password' for encrypting the standard binary log file data, and a 'Replication Encryption Key' for encrypting the 'File Password'.
File password
Each replication log file has a password. A file key used to encrypt the file is generated from the file password. The encrypted 'File Password' is stored in the encryption header of the file. For details, see the Rpl_encryption_header class.
Replication encryption key
A replication encryption key is used to encrypt/decrypt the file password stored in an encrypted replication file header. It is generated by the keyring and stored in/retrieved from the keyring.
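The two-tier layout described above, as an added Python sketch that is not MySQL code; it goes one step beyond the text by showing that changing the replication encryption key rewrites only the header and leaves the encrypted data untouched. The keystream function is a standard-library stand-in for the server's cipher, and the dict-based keyring, the header field names, the nonce and the SHA-256 key derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _keystream_xor(key, nonce, data):
    # Stand-in cipher built from the standard library (HMAC-SHA256 in
    # counter mode). Assumption for illustration; not the server's cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def derive_file_key(file_password):
    # Assumption: the page only says the file key is generated from the password.
    return hashlib.sha256(b"file-key" + file_password).digest()

def _unwrap_password(keyring, header):
    # Tier 1: recover the file password with the keyring-held key.
    return _keystream_xor(keyring[header["key_id"]], header["nonce"], header["enc_password"])

def encrypt_log(keyring, key_id, plaintext):
    file_password = os.urandom(32)  # tier 2: one password per log file
    nonce = os.urandom(16)
    header = {"key_id": key_id, "nonce": nonce,
              # The keyring key only ever encrypts the file password.
              "enc_password": _keystream_xor(keyring[key_id], nonce, file_password)}
    body = _keystream_xor(derive_file_key(file_password), nonce, plaintext)
    return {"header": header, "body": body}

def decrypt_log(keyring, log):
    file_password = _unwrap_password(keyring, log["header"])
    return _keystream_xor(derive_file_key(file_password), log["header"]["nonce"], log["body"])

def rewrap(keyring, log, new_key_id):
    # Change the replication encryption key: only the header is rewritten.
    header = log["header"]
    file_password = _unwrap_password(keyring, header)
    new_header = dict(header, key_id=new_key_id,
                      enc_password=_keystream_xor(keyring[new_key_id], header["nonce"], file_password))
    return {"header": new_header, "body": log["body"]}
```

The stand-in cipher has no integrity check, so a wrong key yields garbage rather than an error.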