MySQL 8.4.3
Source Code Documentation
rpl_log_encryption.h File Reference

This file includes the major components for encrypting/decrypting binary log files. More...

#include <openssl/evp.h>
#include <sql/stream_cipher.h>
#include <stdint.h>
#include <map>
#include <string>
#include "my_inttypes.h"

Go to the source code of this file.

Classes

class  Rpl_encryption
 The Rpl_encryption class is the container for the binlog encryption feature generic and server instance functions. More...
 
struct  Rpl_encryption::Rpl_encryption_key
 
class  Rpl_encryption_header
 This is the base class to serialize and deserialize a replication log file encryption header. More...
 
class  Rpl_encryption_header_v1
 

Variables

Rpl_encryption rpl_encryption
 

Detailed Description

This file includes the major components for encrypting/decrypting binary log files.

Replication logs

Here, replication logs includes both the binary and relay log files.

File Level Encryption

  • All standard binary log file data (including BINLOG_MAGIC) in replication logs are encrypted.
  • A replication log file is either encrypted or not (standard binary log file). It is not possible that part of a log file is encrypted and part of it is non-encrypted.
  • There is an encryption header in the begin of each encrypted replication log file.

              +--------------------+
              |  Encryption Header |
              +--------------------+
              |  Encrypted Data    |
              +--------------------+
        

    The encrypted replication file header includes necessary information to decrypt the encrypted data of the file (the standard binary log file data). For detail, check Rpl_encryption_header class.

Two Tier Keys

Replication logs are encrypted with two tier keys. A 'File Password' for encrypting the standard binary log file data and a 'Replication Encryption Key' for encrypting the 'File Password'.

  • File password

    Each replication log file has a password. A file key used to encrypt the file is generated from the file password. The encrypted 'File Password' is stored into encryption header of the file. For details, check Rpl_encryption_header class.

  • Replication encryption key

    A replication encryption key is used to encrypt/decrypt the file password stored in an encrypted replication file header. It is generated by keyring and stored in/retrieved from keyring.

Variable Documentation

◆ rpl_encryption

Rpl_encryption rpl_encryption
extern