Details
- New Feature
- Status: Done
- Medium
- Resolution: Done
- 8.0.x, Not 5.6.x, Not 5.7.x
- None
Description
What is it we are doing?
MySQL Enterprise Edition ships a set of UDFs which wrap OpenSSL functionality to make it easier for developers to encrypt and decrypt data in their application before it is written to the database. We should replicate and ship these UDFs as well.
Why are we doing it?
Enterprise developers often implement some crypto functionality in their application for data which will end up in the database. Providing these helper functions simplifies their work and helps to standardize on best practices for how to achieve these actions. It is also an additional feature from competing Enterprise Editions that we can tout as having open-sourced in Percona Server for marketing purposes.
Are there any restrictions on when this needs to be done?
This should be added into PS 8.0, but could also be added in 5.7. This will be considered a PS 8.0 launch feature though.
Are there any unanswered questions we have about this before it can be worked on?
How much effort is required to replicate these? How many UDFs do we think we can replicate easily? Do we have a list of all the UDFs that are shipped in upstream EE?
https://confluence.percona.com/display/PS/Enterprise+Encryption+UDFs+for+OpenSSL
Issue Links
- blocks
  - PS-8160 Include new Encryption UDF component into .deb / .rpm / .tgz packages (Done)
- created
  - PS-8065 Document Encryption UDFs for OpenSSL (8.0.28) (Done)
  - PS-8160 Include new Encryption UDF component into .deb / .rpm / .tgz packages (Done)
- is blocked by
  - PS-7348 Create a set of C++ classes/macros that would simplify the creation of new UDFs (Done)
- relates to
  - PS-8277 Assertion in vio_ssl_write() after executing asymmetric_verify() UDF (Done)
  - PS-8135 -DWITH_ENCRYPTION_UDF is set to default, but does not work as expected (Done)
  - PS-8137 server crashes when trying to decrypt a key using asymmetric_decrypt UDF (Done)
  - PS-8139 Unable to create key using create_asymmetric_priv_key UDF for DSA algorithm when key length > 9984 (Done)
  - PS-8146 create_dh_parameters unable to generate keys in reasonable time, unable to abort query (Done)
  - PS-8147 Generated RSA keys from openssl genrsa does not match the keys generated from UDF (Done)
  - PS-8148 asymmetric_encrypt() UDF does not work with external RSA public key (Done)
  - PS-8149 asymmetric_verify() UDF fails to verify signature against digest when external RSA keys are used for encryption (Done)
  - PS-8152 Fix spelling errors in new MTR testcases for UDF encryption (Done)
  - PS-8246 Adapt Encryption UDF MTR test cases to OpenSSL 3.0.x (Done)
  - PS-8261 Blog: Digital Signatures - Another Layer of Data Protection in Percona Server (Done)
  - PS-8353 Transition Encryption UDFs to GA status in PS 8.0.30 (Done)
  - PS-8289 Extend Encryption UDF component with Elliptic Curves (EC) primitives (Open)
  - PS-8290 Extend Encryption UDFs component with support for encrypted private keys (Open)