Details

    • Type: New Feature
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 5.7, Not 5.5, Not 5.6
    • Fix Version/s: 5.7.22-22
    • Component/s: None

      Description

      For each temporary file, an encryption key is generated locally, kept only in memory for the lifetime of the temporary file, and discarded afterwards.
      Note that this implementation differs from MariaDB's in order to reduce the latency that might be incurred by going to a remote key source through the encryption plugin.
      The implementation will ensure that local per-file key generation is cheap enough even at a high rate of temp file creation. If it is found to be too expensive, the implementation will switch to local keys that are shared between temp files and are regenerated at certain intervals.

      The feature is enabled by a new non-dynamic, boolean, global encrypt-tmp-files option, ported from MariaDB.

      File data must be encrypted using the AES 256-bit algorithm in CBC block mode.
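
The key lifecycle described above, in C++, as an added example that is not Percona Server's code. `TmpFileKey`, `TmpKeySource` and `key_for_new_file` are hypothetical names, `getentropy()` is assumed as the local entropy source, and the example covers key generation, in-memory lifetime and the shared-key fallback rather than the AES-256-CBC step itself.

```cpp
#include <array>
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <mutex>
#include <stdexcept>
#include <unistd.h>   // getentropy(): assumes glibc >= 2.25, musl or a BSD

// All names here are hypothetical, not Percona Server identifiers.
struct TmpFileKey {
    std::array<std::uint8_t, 32> bytes{};        // 256 bits of AES key material
    TmpFileKey() {
        if (getentropy(bytes.data(), bytes.size()) != 0)
            throw std::runtime_error("no local entropy source");
    }
    ~TmpFileKey() {                              // runs when the last holder lets go
        volatile std::uint8_t* p = bytes.data();
        for (std::size_t i = 0; i < bytes.size(); ++i) p[i] = 0;
    }
    TmpFileKey(const TmpFileKey&) = delete;      // never copy key material
    TmpFileKey& operator=(const TmpFileKey&) = delete;
};

using Clock = std::chrono::steady_clock;

class TmpKeySource {
public:
    // interval == 0: a fresh key per temp file.
    // interval  > 0: the fallback, one shared key regenerated every interval.
    explicit TmpKeySource(std::chrono::seconds interval) : interval_(interval) {}

    // Called at temp file creation; the file keeps the pointer until it is closed.
    std::shared_ptr<const TmpFileKey> key_for_new_file(Clock::time_point now = Clock::now()) {
        if (interval_.count() == 0) return std::make_shared<TmpFileKey>();
        std::lock_guard<std::mutex> guard(mu_);
        if (!shared_ || now - created_ >= interval_) {
            shared_ = std::make_shared<TmpFileKey>();  // old key survives only in open files
            created_ = now;
        }
        return shared_;
    }

private:
    std::chrono::seconds interval_;
    std::mutex mu_;
    std::shared_ptr<const TmpFileKey> shared_;
    Clock::time_point created_{};
};
```

In shared mode a rotated-out key is wiped only once every temp file still holding it has been closed, so the rotation interval bounds how many files one key protects, not how long that key stays in memory.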

                People

                • Assignee:
                  yura.sorokin Yura Sorokin
                  Reporter:
                  yura.sorokin Yura Sorokin

                    Time Tracking

                    Estimated: Not Specified
                    Remaining: 0 minutes
                    Logged: 2 weeks, 3 days, 2 hours, 27 minutes