Encryption

  • The column length changes after encryption
  • Changing the name of an encrypted table or encrypted column may cause a policy mismatch, so users should not change encrypted table or column names
  • Users can only use Basic Latin letters (a..z, A..Z), digits (0..9) and underscore (_)
  • If a column contains a blank, the blank is also encrypted, so results may differ from MyISAM
  • FK encryption is not available
  • AUTO_INCREMENT is not available for a column to be encrypted
  • See below for the data types for which partial encryption is available
  • See below for the data types for which double encryption is available
  • DDL (Data Definition Language) statements are not available for a table to be encrypted
  • Changing the policy is not available while the DBMS is in operation (decryption and re-encryption are needed)
  • A MariaDB database cloned after decryption can be encrypted, except in the following case
    • If the data type is CHAR or VARCHAR, data cloned through ‘binlog’ cannot be encrypted
  • Encryption is available in the following storage engine environments
    • MySQL 5.5/MySQL 5.6/MariaDB 5.5 + MyISAM Storage Engine/InnoDB Storage Engine
    • MariaDB 10.0 + MyISAM Storage Engine/Aria Storage Engine/InnoDB Storage Engine
  • Data is not encrypted immediately if a plain-text Excel file or XML file (CSV file) is loaded directly through WorkBench
  • Decryption is available only when switching from DE-MYQ to MyISAM or InnoDB
  • Automatic inspection and optimization through MySQLCheck and Cron are not available for tables encrypted through DE-MYQ or the encryption engine
  • Searching encrypted table data using Sphinx or SphinxSE is not available

 

Data type

  • Available data types
    • Entire encryption: CHAR, VARCHAR, VARBINARY, TINYTEXT, TEXT, MEDIUMTEXT, LONGTEXT, TINYBLOB, BLOB, MEDIUMBLOB, LONGBLOB, TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT, FLOAT, DOUBLE, DATE, TIME, DATETIME, TIMESTAMP, YEAR
    • Partial encryption: CHAR, VARCHAR, VARBINARY

 

String type

CHAR, VARCHAR, VARBINARY, TINYTEXT, TEXT, MEDIUMTEXT, LONGTEXT, TINYBLOB, BLOB, MEDIUMBLOB, LONGBLOB

  • CHAR, VARCHAR, VARBINARY type
    • These types can be encrypted partially (other data types cannot)
  • CHAR type
    • MySQL limits the data size to 255 Byte, so the column length before encryption is limited
    • Encryption using FIV: maximum column length before encryption is limited to 239 Byte
    • Encryption using VIV: maximum column length before encryption is limited to 237 Byte
    • MySQLDump is not available for encrypting NULL and ‘’ (BLANK)
    • NULL and ‘’ (BLANK) can be encrypted
      • NULL: NULL is converted to ‘’ (BLANK), then encrypted and saved. If encryption/decryption is turned off, it is shown as blank
      • ‘’ (BLANK): available for encryption
  • Data types other than CHAR
    • NULL and ‘’ (BLANK) cannot be encrypted; they are saved as plain text
  • LONGBLOB type
    • The size that can be encrypted depends on the server’s memory

 

Numeric type

TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT, FLOAT, DOUBLE

  • DECIMAL, NUMERIC types are not available
  • VIV is not available (FIV is available)
  • BLOCK MODE: CFB only (If SG-KMS is linked, CFB_BYTE is available)
  • ENCODE MODE: RAW only (BASE64 and HEXSTRING are not available)
  • NULL and ‘’ (BLANK) cannot be encrypted; they are saved as plain text
  • INT type
    • Because of the special characteristics of this type, the setting for avoiding double encryption is not available

 

Date and Time type

DATE, TIME, DATETIME, TIMESTAMP, YEAR

  • The constraints of the Numeric type also apply
  • NULL and ‘’ (BLANK) cannot be encrypted; they are saved as plain text
  • TIMESTAMP type
    • When a NULL value is input, the present time is stored
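
The data type constraints above can be checked before a policy is applied. The following is an added example, not code from the product or its vendor: the column dictionary shape (type, byte_len, iv, block_mode, encode_mode, partial, auto_increment, foreign_key) is hypothetical, and byte_len is assumed to be the column length in bytes before encryption.

```python
# Added example: checks column definitions against the constraints listed on this page.
# The dict shape (type, byte_len, iv, ...) is hypothetical, not a DE-MYQ format.
STRING = {"CHAR", "VARCHAR", "VARBINARY", "TINYTEXT", "TEXT", "MEDIUMTEXT", "LONGTEXT",
          "TINYBLOB", "BLOB", "MEDIUMBLOB", "LONGBLOB"}
NUMERIC = {"TINYINT", "SMALLINT", "MEDIUMINT", "INT", "BIGINT", "FLOAT", "DOUBLE"}
DATETIME = {"DATE", "TIME", "DATETIME", "TIMESTAMP", "YEAR"}
PARTIAL = {"CHAR", "VARCHAR", "VARBINARY"}
CHAR_MAX_BYTES = {"FIV": 239, "VIV": 237}  # pre-encryption limits for CHAR


def check_column(col, kms_linked=False):
    """Return the list of constraints a column violates (empty list = OK)."""
    t, iv = col["type"].upper(), col.get("iv", "FIV")
    if t not in STRING | NUMERIC | DATETIME:
        return [f"{t} is not an available data type"]
    problems = []
    if col.get("partial") and t not in PARTIAL:
        problems.append(f"partial encryption is not available for {t}")
    if t == "CHAR" and col.get("byte_len", 0) > CHAR_MAX_BYTES[iv]:
        problems.append(f"CHAR exceeds {CHAR_MAX_BYTES[iv]} bytes for {iv}")
    if t in NUMERIC | DATETIME:  # date/time types inherit the numeric constraints
        if iv == "VIV":
            problems.append("VIV is not available (use FIV)")
        modes = {"CFB", "CFB_BYTE"} if kms_linked else {"CFB"}
        if col.get("block_mode", "CFB") not in modes:
            problems.append(f"block mode must be one of {sorted(modes)}")
        if col.get("encode_mode", "RAW") != "RAW":
            problems.append("encode mode must be RAW")
    if col.get("auto_increment"):
        problems.append("AUTO_INCREMENT column cannot be encrypted")
    if col.get("foreign_key"):
        problems.append("FK encryption is not available")
    return problems


def check_table(columns, kms_linked=False):
    """Map column name -> violations, keeping only columns that fail."""
    results = {n: check_column(c, kms_linked) for n, c in columns.items()}
    return {n: p for n, p in results.items() if p}


# Constructed sample columns, not taken from a real schema.
SAMPLE = {
    "ssn": {"type": "CHAR", "byte_len": 238, "iv": "VIV"},
    "salary": {"type": "DECIMAL"},
    "id": {"type": "INT", "auto_increment": True, "iv": "VIV"},
    "born": {"type": "DATE", "encode_mode": "BASE64"},
    "memo": {"type": "TEXT", "partial": True},
}
```

Calling `check_table(SAMPLE)` returns only the failing columns with the reason for each, so it can gate a migration script before any column is switched to the encryption engine.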