A.17 MySQL 8.4 FAQ: InnoDB 静态数据加密
- A.17.1. Is data decrypted for users who are authorized to see it?
- A.17.2. What is the overhead associated with InnoDB data-at-rest encryption?
- A.17.3. What are the encryption algorithms used with InnoDB data-at-rest encryption?
- A.17.4. Is it possible to use 3rd party encryption algorithms in place of the one provided by the InnoDB data-at-rest encryption feature?
- A.17.5. Can indexed columns be encrypted?
- A.17.6. What data types and data lengths does InnoDB data-at-rest encryption support?
- A.17.7. Does data remain encrypted on the network?
- A.17.8. Does database memory contain cleartext or encrypted data?
- A.17.9. How do I know which data to encrypt?
- A.17.10. How is InnoDB data-at-rest encryption different from encryption functions MySQL already provides?
- A.17.11. Does the transportable tablespaces feature work with InnoDB data-at-rest encryption?
- A.17.12. Does compression work with InnoDB data-at-rest encryption?
- A.17.13. Can I use mysqldump with encrypted tables?
- A.17.14. How do I change (rotate, re-key) the master encryption key?
- A.17.15. How do I migrate data from a cleartext InnoDB tablespace to an encrypted InnoDB tablespace?
A.17.1. |
Is data decrypted for users who are authorized to see it? |
Yes. |
|
A.17.2. |
What is the overhead associated with |
There is no additional storage overhead. According to internal benchmarks, performance overhead amounts to a single digit percentage difference. |
|
A.17.3. |
What are the encryption algorithms used with |
|
|
A.17.4. |
Is it possible to use 3rd party encryption algorithms in place of the one provided by the |
No, it is not possible to use other encryption algorithms. The provided encryption algorithm is broadly accepted. |
|
A.17.5. |
Can indexed columns be encrypted? |
|
|
A.17.6. |
What data types and data lengths does |
|
|
A.17.7. |
Does data remain encrypted on the network? |
Data encrypted by the |
|
A.17.8. |
Does database memory contain cleartext or encrypted data? |
With |
|
A.17.9. |
How do I know which data to encrypt? |
Compliance with the PCI-DSS standard requires that credit card numbers (Primary Account Number, or 'PAN') be stored in encrypted form. Breach Notification Laws (for example, CA SB 1386, CA AB 1950, and similar laws in 43+ more US states) require encryption of first name, last name, driver license number, and other PII data. In early 2008, CA AB 1298 added medical and health insurance information to PII data. Additionally, industry specific privacy and security standards may require encryption of certain assets. For example, assets such as pharmaceutical research results, oil field exploration results, financial contracts, or personal data of law enforcement informants may require encryption. In the health care industry, the privacy of patient data, health records and X-ray images is of the highest importance. |
|
A.17.10. |
How is |
There are symmetric and asymmetric encryption APIs in MySQL that can be used to manually encrypt data within the database. However, the application must manage encryption keys and perform required encryption and decryption operations by calling API functions. |
|
A.17.11. |
Does the transportable tablespaces feature work with |
Yes. It is supported for encrypted file-per-table tablespaces. For more information, see Exporting Encrypted Tablespaces. |
|
A.17.12. |
Does compression work with |
Customers using |
|
A.17.13. |
Can I use |
Yes. Because these utilities create logical backups, the data dumped from encrypted tables is not encrypted. |
|
A.17.14. |
How do I change (rotate, re-key) the master encryption key? |
|
|
A.17.15. |
How do I migrate data from a cleartext |
Transferring data from one tablespace to another is not required. To encrypt data in an |