MySQL 8.0 Reference Manual
MySQL 8.0 Release Notes
The ndbxfrm utility, introduced in NDB 8.0.22, can be used to decompress, decrypt, and output information about files created by NDB Cluster that are compressed, encrypted, or both. It can also be used to compress or encrypt files.
Table 5.28 Command-line options used with the program ndbxfrm
| Format | Description | Added, Deprecated, or Removed |
|---|---|---|
| Compress file | ADDED: NDB 8.0.22 |
|
| Use this password to decrypt file | ADDED: NDB 8.0.22 |
|
| Get decryption password in a secure fashion from STDIN | ADDED: NDB 8.0.24 |
|
| Read given file after global files are read | (Supported in all NDB releases based on MySQL 8.0) |
|
| Also read groups with concat(group, suffix) | (Supported in all NDB releases based on MySQL 8.0) |
|
| Read default options from given file only | (Supported in all NDB releases based on MySQL 8.0) |
|
| Size of input data chunks encrypted as a unit. Used with XTS, set to zero for CBC mode | ADDED: NDB 8.0.29 |
|
| Encryption cipher: 1 for CBC, 2 for XTS | ADDED: NDB 8.0.29 |
|
| Number of iterations used in key definition | ADDED: NDB 8.0.22 |
|
| Use this password to encrypt file | ADDED: NDB 8.0.22 |
|
| Get encryption password in a secure fashion from STDIN | ADDED: NDB 8.0.24 |
|
| Print usage information | ADDED: NDB 8.0.22 |
|
| Print file information | ADDED: NDB 8.0.22 |
|
| Read given path from login file | (Supported in all NDB releases based on MySQL 8.0) |
|
| Do not read default options from any option file other than login file | (Supported in all NDB releases based on MySQL 8.0) |
|
| Print program argument list and exit | (Supported in all NDB releases based on MySQL 8.0) |
|
| Prints usage information; synonym for --help | ADDED: NDB 8.0.22 |
|
| Output version information | ADDED: NDB 8.0.22 |
Usage
ndbxfrm --info file[ file ...]
ndbxfrm --compress input_file output_file
ndbxfrm --decrypt-password=password input_file output_file
ndbxfrm [--encrypt-ldf-iter-count=#] --encrypt-password=password input_file output_file
input_file and
output_file cannot be the same file.
Options
Compresses the input file, using the same compression method as is used for compressing NDB Cluster backups, and writes the output to an output file. To decompress a compressed
NDBbackup file that is not encrypted, it is necessary only to invoke ndbxfrm using the names of the compressed file and an output file (with no options required).Decrypts a file encrypted by
NDBusing the password supplied.--decrypt-password-from-stdin[=TRUE|FALSE]Decrypts a file encrypted by
NDB, using a password supplied from standard input. This is similar to entering a password after invoking mysql--passwordwith no password following the option.-
Command-Line Format --defaults-extra-file=pathType String Default Value [none]Read given file after global files are read.
-
Command-Line Format --defaults-file=pathType String Default Value [none]Read default options from given file only.
-
Command-Line Format --defaults-group-suffix=stringType String Default Value [none]Also read groups with concat(group, suffix).
Size of input data chunks that are encrypted as a unit. Used with XTS; set to
0(the default) for CBC mode.Cipher used for encryption. Set to
1for CBC mode (the default), or2for XTS.--encrypt-kdf-iter-count=,#-k#When encrypting a file, specifies the number of iterations to use for the encryption key. Requires the
--encrypt-passwordoption.Encrypts the backup file using the password supplied by the option. The password must meet the requirements listed here:
Uses any of the printable ASCII characters except
!,',",$,%,\,`, and^Is no more than 256 characters in length
Is enclosed by single or double quotation marks
--encrypt-password-from-stdin[=TRUE|FALSE]Encrypts a file using a password supplied from standard input. This is similar to entering a password is entered after invoking mysql
--passwordwith no password following the option.Prints usage information for the program.
Prints the following information about one or more input files:
The name of the file
Whether the file is compressed (
compression=yesorcompression=no)Whether the file is encrypted (
encryption=yesorencryption=no)
Example:
$> ndbxfrm -i BACKUP-10-0.5.Data BACKUP-10.5.ctl BACKUP-10.5.log File=BACKUP-10-0.5.Data, compression=no, encryption=yes File=BACKUP-10.5.ctl, compression=no, encryption=yes File=BACKUP-10.5.log, compression=no, encryption=yes-
Command-Line Format --login-path=pathType String Default Value [none]Read given path from login file.
-
Command-Line Format --no-defaultsDo not read default options from any option file other than login file.
-
Command-Line Format --print-defaultsPrint program argument list and exit.
Synonym for
--help.Prints out version information.
ndbxfrm can encrypt backups created by any
version of NDB Cluster. The .Data,
.ctl, and .log files
comprising the backup must be encrypted separately, and these
files must be encrypted separately for each data node. Once
encrypted, such backups can be decrypted only by
ndbxfrm, ndb_restore, or
ndb_print_backup from NDB Cluster 8.0.22 or
later.
An encrypted file can be re-encrypted with a new password using
the --encrypt-password and
--decrypt-password options
together, like this:
ndbxfrm --decrypt-password=old --encrypt-password=new input_file output_file
In the example just shown, old and
new are the old and new passwords,
respectively; both of these must be quoted. The input file is
decrypted and then encrypted as the output file. The input file
itself is not changed; if you do not want it to be accessible
using the old password, you must remove the input file manually.