Kingbase column encryption supports SM4 and RC4 encryption algorithms. The specific algorithm is specified in initdb. The default is SM4. To use column encryption, you must shared_ preload_ libraries = ‘sysencrypt’
1. Column encryption
Create two tables: encrypted and unencrypted
test=# create table t1_encrypt(name text encrypted);
CREATE TABLE
test=# create table t1_noencrypt(name text);
CREATE TABLE
test=# insert into t1_encrypt values('kingbase');
INSERT 0 1
test=# insert into t1_noencrypt values('kingbase');
INSERT 0 1
Check the encryption with hexdump
Encryption table:
[kingbase@dbhost03 61904]$ hexdump -c 71512 0000000 \0 \0 \0 \0 P 344 E 224 \0 \0 \0 \0 \0 240 037 0000010 \0 004 \0 \0 \0 \0 320 237 R \0 240 237 R \0 0000020 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 * 0001fa0 001 334 003 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 0001fe0 001 \0 001 020 002 \b 030 \0 # 314 N 223 345 f 272 N 0001ff0 211 246 225 375 026 372 f 206 365 \0 \0 \0 \0 \0 \0 \0 0002000
Unencrypted table: you can see that Kingbase is plaintext
[kingbase@dbhost03 61904]$ hexdump -c 71518 0000000 \0 \0 \0 \0 270 344 E 224 \0 \0 \0 \0 034 \0 330 037 0000010 \0 004 \0 \0 \0 \0 330 237 B \0 \0 \0 \0 \0 0000020 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 * 0001fd0 \0 \0 \0 \0 \0 \0 \0 \0 002 334 003 \0 \0 \0 \0 \0 0001fe0 \0 \0 \0 \0 \0 \0 \0 \0 001 \0 001 \0 002 \b 030 \0 0001ff0 023 k i n g b a s e \0 \0 \0 \0 \0 \0 \0 0002000
2. Column encryption usage restrictions
1. Tablespace encryption and column encryption cannot be used at the same time
If encryption is enabled for a tablespace, you can no longer create tables with encrypted columns on that tablespace. The specific error reports are as follows:
test=# CREATE TABLE t1(id INT, name VARCHAR(100) encrypted) TABLESPACE tsp1; ERROR: Column encryption and tablepspace encryption cannot be userd at the same time.
2. After closing the wallet, you cannot create or delete encrypted tables
test=# closeup wallet with password "Kingbase"; WARNING: wallet alread closed CLOSE WALLET test=# drop table t1_encrypt; ERROR: wallet status is closed, open wallet and try again test=# create table t2_encrypt(name text encrypted); ERROR: wallet status is closed, open wallet and try again
3. Cannot modify columns as encrypted or unencrypted
test=# alter table t1_encrypt alter column name type text; ERROR: cannot modify encrypted column type. test=# alter table t1_noencrypt alter column name set encrypted; ERROR: syntax error at or near "encrypted" LINE 1: alter table t1_noencrypt alter column name set encrypted;
4. Encrypted column does not support blob, CLOB
test=# create table t1_encrypt(name clob encrypted); ERROR: BLOB, CLOB or composite type columns can't be encrypted
Similar Posts:
- Postgres invalid command data recovery processing
- ERROR: Functions in index expression must be marked IMMUTABLE
- ORA-30567: name already used by an existing [How to Solve]
- used in key specification without a key length
- [Solved] Oracle :value too large for column “SCHEMA”.”TABLE”.”COLUMN” (actual: 519, maximum: 500)
- mysql: [Err] 1075 – Incorrect table definition; there can be only one auto column and it must be d…
- [Solved] cannot load from mysql.proc. the table is probably corrupted
- Laravel project login error: the MAC is invalid
- [How to Solve] SQLite database error: no such column
- [Solved] Record an error of expdp export ora-01555 caused by lob damage