Encrypting & Decrypting #
| Syntax | Description | Type |
|---|---|---|
| ALTER ENCRYPTING RULE | Modify encrypting rule | RAL |
| SHOW ENCRYPTING RULE | View encrypting rule | RAL |
| ENCRYPT TABLE | Start encrypting job | RAL |
| SHOW ENCRYPTING LIST | View encrypting job | RAL |
| SHOW ENCRYPTING STATUS | View encrypting job status | RAL |
| COMMIT ENCRYPTING | Commit encrypting job | RAL |
| ROLLBACK ENCRYPTING | Rollback encrypting job | RAL |
| ALTER DECRYPTING RULE | Modify decrypting rule | RAL |
| SHOW DECRYPTING RULE | View decrypting rule | RAL |
| DECRYPT TABLE | Start decrypting job | RAL |
| SHOW DECRYPTING LIST | View decrypting jobs | RAL |
| SHOW DECRYPTING STATUS | View decrypting job status | RAL |
| COMMIT DECRYPTING | Commit decrypting job | RAL |
| ROLLBACK DECRYPTING | Rollback decrypting job | RAL |
| REENCRYPT TABLE WITH RULE tableName | Key exchange phase 1 statement | RAL |
| START REENCRYPTING jobId | Key exchange phase 2 statement | RAL |
| STOP ENCRYPTING jobId | Stop encrypting job | RAL |
| START ENCRYPTING jobId | Restart encrypting job | RAL |
| STOP DECRYPTING jobId | Stop decrypting job | RAL |
| START DECRYPTING jobId | Restart decrypting job | RAL |
| STOP REENCRYPTING jobId | Stop key exchange job | RAL |
1. Modify Encrypting Rule #
copyALTER ENCRYPTING RULE
Example
copyALTER ENCRYPTING RULE (READ(RATE_LIMITER (TYPE(NAME='QPS',PROPERTIES('qps'=500)))));
2. View Encrypting Rule #
copySHOW ENCRYPTING RULE
Parameter Description
None
Example
copySHOW ENCRYPTING RULE
3. Start Encrypting Job #
copyENCRYPT TABLE tableName;
Parameter Description
| Name | Description |
|---|---|
| tableName | Encrypting table |
Example
Start table Encrypting
copyENCRYPT TABLE t_user;
Start encrypting the specified column of the table
copyENCRYPT TABLE t_user (password);
Starts the encrypting of the derived columns of the specified column of the table
copyENCRYPT TABLE t_user (username(LIKE_QUERY));
4. View Encrypting Job #
copySHOW ENCRYPTING LIST;
Parameter Description
None
Example
copySHOW ENCRYPTING LIST;
5. View Encryting Job Status #
copySHOW ENCRYPTING STATUS jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | Job id |
Example
copymysql> SHOW ENCRYPTING STATUS j5202p0000e2af8bea809d29f6ab4b3ac4c99b5789;
+------+-------------+----------+--------+---------------------+---------------+
| item | data_source | status | active | finished_percentage | error_message |
+------+-------------+----------+--------+---------------------+---------------+
| 0 | ds_0 | FINISHED | true | 100 | |
+------+-------------+----------+--------+---------------------+---------------+
Output Description
- data_source: the storage unit where the job task item is located
- status: job status
- active: whether the job is running
- finished_percentage: completion percentage
- error_message: error message
6. Commit Encrypting Job #
copyCOMMIT ENCRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | Job id |
Example
copyCOMMIT ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
7. Rollback encrypting job #
copyROLLBACK ENCRYPTING jobId;
Parameter Description
| Parameter name | Description |
|---|---|
| jobid | job id |
Example
copyROLLBACK ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
8. Modify Decrypting Rule #
copyALTER DECRYPTING RULE (READ(RATE_LIMITER (TYPE(NAME='QPS',PROPERTIES('qps'=500)))));
Example
copyALTER DECRYPTING RULE (READ(R
ATE_LIMITER ( TYPE(NAME=‘QPS’,PROPER
TIES('qps= '5000)))));
9. View Decrypting Rule #
copySHOW DECRYPTING RULE
Parameter Description
None
Example
copySHOW DECRYPTING RULE
10. Start Decrypting Job #
copyDECRYPT TABLE tableName;
Parameter Description
| Name | Description |
|---|---|
| tableName | Decrypting table |
Example
copyDECRYPT TABLE t_user;
Start table decrypting
copyDECRYPT TABLE t_user;
Starts the decrypting for the specified column of the table
copyDECRYPT TABLE t_user (password);
Special Note
When starting decrypting, if the target table is a single table and the physical table does not contain plaintext columns, Engine will automatically create plaintext columns for decrypting, otherwise the user needs to create plaintext columns by themselves. (This feature supports MySQL, PostgreSQL, openGauss, Oracle and Hive storage units)
11. View Decrypting Job #
copySHOW DECRYPTING LIST;
Parameter Description
None
Example
copySHOW DECRYPTING LIST;
12. View Decrypting Job Status #
copySHOW DECRYPTING STATUS jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | Job id |
Example
copymysql> SHOW DECRYPTING STATUS j5302p0000e2af8bea809d29f6ab4b3ac4c99b5789;
+------+-------------+----------+--------+---------------------+---------------+
| item | data_source | status | active | finished_percentage | error_message |
+------+-------------+----------+--------+---------------------+---------------+
| 0 | testdb | FINISHED | true | 100 | |
+------+-------------+----------+--------+---------------------+---------------+
Output Description
- data_source: the storage unit where the job task item is located
- status: job status
- active: whether the job is running
- finished_percentage: completion percentage
- error_message: error message
13. Commit Decrypting Job #
copyCOMMIT DECRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | Job id |
Example
copyCOMMIT DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
14. Rollback decrypting job #
copyROLLBACK DECRYPTING jobId;
Parameter description
| Parameter name | Description |
|---|---|
| jobid | job id |
Example
copyROLLBACK DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
15. Key Exchange Phase 1 Statement #
Rencrypting supports automatic creation of plaintext columns, and after the job is completed, the plaintext columns are automatically deleted.
copyREENCRYPT TABLE WITH RULE tableName
Parameter Description
| Name | Description |
|---|---|
| tableName | Key exchange table |
Example
copyREENCRYPT TABLE WITH RULE t_encrypt (
COLUMNS(
(NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ASSISTED_QUERY_COLUMN=user_assisted,LIKE_QUERY_COLUMN=user_like,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='665544aaa'))),ASSISTED_QUERY_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='523234abc'))), LIKE_QUERY_ALGORITHM(TYPE(NAME='CHAR_DIGEST_LIKE'))),
(NAME=order_id, PLAIN=order_plain,CIPHER =order_cipher, ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='445533ccc'))))
), QUERY_WITH_CIPHER_COLUMN=true);
16. Key Exchange Phase 2 Statement #
copySTART REENCRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| tableName | Key exchange table |
Example
copySTART REENCRYPTING j54014fb26631db0f7149741422d86cc5dfe6;
17. Stop Encrypting job #
copySTOP ENCRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | job id |
Example
copySTOP ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
18. Restart Encrypting job #
copySTART ENCRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | job id |
Example
copySTART ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
19. Stop Decrypting job #
copySTOP DECRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | job id |
Example
copySTOP DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
20. Restart Decrypting job #
copySTART DECRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | job id |
Example
copySTART DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';
21. Stop Reencrypting job #
copySTOP REENCRYPTING jobId;
Parameter Description
| Name | Description |
|---|---|
| jobid | job id |
Example
copySTOP REENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';