在Windows环境下,设置MySQL表空间加密的操作如下:
-
安装MySQL Enterprise Edition或MySQL Community Edition的加密插件。
-
在MySQL配置文件my.cnf中添加以下行:
[mysqld]
plugin-load-add=file_key_management.so
file_key_management_encryption_algorithm=AES_CBC
file_key_management_filename=C:/mysql/keys.txt
其中,file_key_management_encryption_algorithm指定加密算法,file_key_management_filename指定存储密钥的文件路径。
- 创建一个加密表空间:
CREATE TABLESPACE encrypted_tbs ADD DATAFILE 'C:/mysql/data/encrypted_tbs.ibd' ENGINE=InnoDB ENCRYPTION='Y';
其中,ENCRYPTION='Y’指定启用加密。
- 将表空间加密密钥添加到密钥文件中:
mysql> CREATE TABLESPACE encrypted_tbs ADD DATAFILE 'C:/mysql/data/encrypted_tbs.ibd' ENGINE=InnoDB ENCRYPTION='Y';
Query OK, 0 rows affected (0.01 sec)
mysql> SELECT FILE_NAME, SPACE_TYPE, SPACE_NAME, ENCRYPTION, SPACE_ID FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE SPACE_NAME='encrypted_tbs';
+-----------------------------+-----------+-------------+------------+----------+
| FILE_NAME | SPACE_TYPE| SPACE_NAME | ENCRYPTION | SPACE_ID |
+-----------------------------+-----------+-------------+------------+----------+
| C:\mysql\data\encrypted_tbs.ibd | Single | encrypted_tbs| Y | 13 |
+-----------------------------+-----------+-------------+------------+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM INFORMATION_SCHEMA.INNODB_SYS_DATAFILES WHERE SPACE=13;
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
| SPACE | PATH | FILE_NAME | SIZE | ALLOCATED_SIZE | AUTOEXTEND | MAX_SIZE | EXTENT_SIZE | DATA_FREE | CREATE_TIME | DROP_TIME |
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
| 13 | C:\mysql\data\encrypted_tbs.ibd | encrypted_tbs.ibd | 128M | 0 | 0 | 0 | 64M | 125829120 | 2021-04-01 17:02:58 | 0000-00-00 00:00:00 |
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
1 row in set (0.00 sec)
mysql> SET @key_file = 'C:/mysql/keys.txt';
mysql> SET @key_file_table = 'file_key_management';
mysql> SET @key_file_key = 'file_key';
mysql> SET @space_id = 13;
mysql> SET @key_length = 16;
mysql> SET @key = UNHEX('0123456789ABCDEF0123456789ABCDEF');
mysql> INSERT INTO file_key_management VALUES (@key_file, @key_file_table, @key_file_key, @space_id, @key_length, @key);
Query OK, 1 row affected (0.00 sec)
其中,@key_file指定密钥文件路径,@key_file_table和@key_file_key指定密钥在密钥文件中的位置,@space_id指定表空间ID,@key_length指定密钥长度,@key指定密钥值。
- 将表移动到加密表空间中:
ALTER TABLE my_table TABLESPACE encrypted_tbs;
- 验证表空间是否加密:
mysql> SELECT * FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE SPACE_NAME='encrypted_tbs';
+-----------------------------+-----------+-------------+------------+----------+
| FILE_NAME | SPACE_TYPE| SPACE_NAME | ENCRYPTION | SPACE_ID |
+-----------------------------+-----------+-------------+------------+----------+
| C:\mysql\data\encrypted_tbs.ibd | Single | encrypted_tbs| Y | 13 |
+-----------------------------+-----------+-------------+------------+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM INFORMATION_SCHEMA.INNODB_SYS_DATAFILES WHERE SPACE=13;
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
| SPACE | PATH | FILE_NAME | SIZE | ALLOCATED_SIZE | AUTOEXTEND | MAX_SIZE | EXTENT_SIZE | DATA_FREE | CREATE_TIME | DROP_TIME |
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
| 13 | C:\mysql\data\encrypted_tbs.ibd | encrypted_tbs.ibd | 128M | 0 | 0 | 0 | 64M | 125829120 | 2021-04-01 17:02:58 | 0000-00-00 00:00:00 |
+--------+-----------------------------+-----------+------+----------------+------------+----------+------------+----------------+---------------------+---------------------+
1 row in set (0.00 sec)
mysql> SELECT * FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES_ENCRYPTION WHERE SPACE_ID=13;
+----------+-----------------------------+----------------+---------------------+---------------------+
| SPACE_ID | FILE_NAME | ALGORITHM | KEY_ID | KEY_VERSION |
+----------+-----------------------------+----------------+---------------------+---------------------+
| 13 | C:\mysql\data\encrypted_tbs.ibd | AES_CBC | file_key_management | 00000000000000000001 |
+----------+-----------------------------+----------------+---------------------+---------------------+
1 row in set (0.00 sec)
其中,INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES_ENCRYPTION表显示表空间加密信息。