Logo
Data Encrypting & Decrypting

Encrypting & Decrypting #

SyntaxDescriptionType
ALTER ENCRYPTING RULEModify encrypting ruleRAL
SHOW ENCRYPTING RULEView encrypting ruleRAL
ENCRYPT TABLEStart encrypting jobRAL
SHOW ENCRYPTING LISTView encrypting jobRAL
SHOW ENCRYPTING STATUSView encrypting job statusRAL
COMMIT ENCRYPTINGCommit encrypting jobRAL
ROLLBACK ENCRYPTINGRollback encrypting jobRAL
ALTER DECRYPTING RULEModify decrypting ruleRAL
SHOW DECRYPTING RULEView decrypting ruleRAL
DECRYPT TABLEStart decrypting jobRAL
SHOW DECRYPTING LISTView decrypting jobsRAL
SHOW DECRYPTING STATUSView decrypting job statusRAL
COMMIT DECRYPTINGCommit decrypting jobRAL
ROLLBACK DECRYPTINGRollback decrypting jobRAL
REENCRYPT TABLE WITH RULE tableNameKey exchange phase 1 statementRAL
START REENCRYPTING jobIdKey exchange phase 2 statementRAL
STOP ENCRYPTING jobIdStop encrypting jobRAL
START ENCRYPTING jobIdRestart encrypting jobRAL
STOP DECRYPTING jobIdStop decrypting jobRAL
START DECRYPTING jobIdRestart decrypting jobRAL
STOP REENCRYPTING jobIdStop key exchange jobRAL

1. Modify Encrypting Rule #

ALTER ENCRYPTING RULE

Example

ALTER ENCRYPTING RULE (READ(RATE_LIMITER (TYPE(NAME='QPS',PROPERTIES('qps'=500)))));

2. View Encrypting Rule #

SHOW ENCRYPTING RULE

Parameter Description

None

Example

SHOW ENCRYPTING RULE

3. Start Encrypting Job #

ENCRYPT TABLE tableName;

Parameter Description

NameDescription
tableNameEncrypting table

Example

Start table Encrypting

ENCRYPT TABLE t_user;

Start encrypting the specified column of the table

ENCRYPT TABLE t_user (password);

Starts the encrypting of the derived columns of the specified column of the table

ENCRYPT TABLE t_user (username(LIKE_QUERY));

4. View Encrypting Job #

SHOW ENCRYPTING LIST;

Parameter Description

None

Example

SHOW ENCRYPTING LIST;

5. View Encryting Job Status #

SHOW ENCRYPTING STATUS jobId;

Parameter Description

NameDescription
jobidJob id

Example

mysql> SHOW ENCRYPTING STATUS j5202p0000e2af8bea809d29f6ab4b3ac4c99b5789;
+------+-------------+----------+--------+---------------------+---------------+
| item | data_source | status   | active | finished_percentage | error_message |
+------+-------------+----------+--------+---------------------+---------------+
| 0    | ds_0        | FINISHED | true   | 100                 |               |
+------+-------------+----------+--------+---------------------+---------------+

Output Description

  • data_source: the storage unit where the job task item is located
  • status: job status
  • active: whether the job is running
  • finished_percentage: completion percentage
  • error_message: error message

6. Commit Encrypting Job #

COMMIT ENCRYPTING jobId;

Parameter Description

NameDescription
jobidJob id

Example

COMMIT ENCRYPTING  'j51017f973ac82cb1edea4f5238a258c25e89';

7. Rollback encrypting job #

ROLLBACK ENCRYPTING jobId;

Parameter Description

Parameter nameDescription
jobidjob id

Example

ROLLBACK ENCRYPTING  'j51017f973ac82cb1edea4f5238a258c25e89';

8. Modify Decrypting Rule #

ALTER DECRYPTING RULE (READ(RATE_LIMITER (TYPE(NAME='QPS',PROPERTIES('qps'=500)))));

Example

ALTER DECRYPTING RULE (READ(R 
ATE_LIMITER ( TYPE(NAME=QPS,PROPER 
TIES('qps= '5000)))));

9. View Decrypting Rule #

SHOW DECRYPTING RULE

Parameter Description

None

Example

SHOW DECRYPTING RULE

10. Start Decrypting Job #

DECRYPT TABLE tableName;

Parameter Description

NameDescription
tableNameDecrypting table

Example

DECRYPT TABLE t_user;

Start table decrypting

DECRYPT TABLE t_user;

Starts the decrypting for the specified column of the table

DECRYPT TABLE t_user (password);

Special Note

When starting decrypting, if the target table is a single table and the physical table does not contain plaintext columns, Engine will automatically create plaintext columns for decrypting, otherwise the user needs to create plaintext columns by themselves. (This feature supports MySQL, PostgreSQL, openGauss, Oracle and Hive storage units)

11. View Decrypting Job #

SHOW DECRYPTING LIST;

Parameter Description

None

Example

SHOW DECRYPTING LIST;

12. View Decrypting Job Status #

SHOW DECRYPTING STATUS jobId;

Parameter Description

NameDescription
jobidJob id

Example

mysql> SHOW DECRYPTING STATUS j5302p0000e2af8bea809d29f6ab4b3ac4c99b5789;
+------+-------------+----------+--------+---------------------+---------------+
| item | data_source | status   | active | finished_percentage | error_message |
+------+-------------+----------+--------+---------------------+---------------+
| 0    | testdb      | FINISHED | true   | 100                 |               |
+------+-------------+----------+--------+---------------------+---------------+

Output Description

  • data_source: the storage unit where the job task item is located
  • status: job status
  • active: whether the job is running
  • finished_percentage: completion percentage
  • error_message: error message

13. Commit Decrypting Job #

COMMIT DECRYPTING jobId;

Parameter Description

NameDescription
jobidJob id

Example

COMMIT DECRYPTING  'j51017f973ac82cb1edea4f5238a258c25e89';

14. Rollback decrypting job #

ROLLBACK DECRYPTING jobId;

Parameter description

Parameter nameDescription
jobidjob id

Example

ROLLBACK DECRYPTING  'j51017f973ac82cb1edea4f5238a258c25e89';

15. Key Exchange Phase 1 Statement #

Rencrypting supports automatic creation of plaintext columns, and after the job is completed, the plaintext columns are automatically deleted.

REENCRYPT TABLE WITH RULE tableName

Parameter Description

NameDescription
tableNameKey exchange table

Example

REENCRYPT TABLE WITH RULE t_encrypt (
COLUMNS(
(NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ASSISTED_QUERY_COLUMN=user_assisted,LIKE_QUERY_COLUMN=user_like,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='665544aaa'))),ASSISTED_QUERY_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='523234abc'))), LIKE_QUERY_ALGORITHM(TYPE(NAME='CHAR_DIGEST_LIKE'))),
(NAME=order_id, PLAIN=order_plain,CIPHER =order_cipher, ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='445533ccc'))))
), QUERY_WITH_CIPHER_COLUMN=true);

16. Key Exchange Phase 2 Statement #

START REENCRYPTING jobId;

Parameter Description

NameDescription
tableNameKey exchange table

Example

START REENCRYPTING j54014fb26631db0f7149741422d86cc5dfe6;

17. Stop Encrypting job #

STOP ENCRYPTING jobId;

Parameter Description

NameDescription
jobidjob id

Example

STOP ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';

18. Restart Encrypting job #

START ENCRYPTING jobId;

Parameter Description

NameDescription
jobidjob id

Example

START ENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';

19. Stop Decrypting job #

STOP DECRYPTING jobId;

Parameter Description

NameDescription
jobidjob id

Example

STOP DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';

20. Restart Decrypting job #

START DECRYPTING jobId;

Parameter Description

NameDescription
jobidjob id

Example

START DECRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';

21. Stop Reencrypting job #

STOP REENCRYPTING jobId;

Parameter Description

NameDescription
jobidjob id

Example

STOP REENCRYPTING 'j51017f973ac82cb1edea4f5238a258c25e89';