KMIP Object Verification

Verify that the new object, a symmetric key with the owner KMIP_client, was created.

  1. Use the keyring_okv plugin to create encrypted tables. When you create the first encrypted table, InnoDB asks keyring_okv to generate a primary key (AES-256) in ESKM. You can check this in the ESKM Web UI in KMIP Objects. This primary key is used to encrypt tablespace keys. InnoDB also asks ESKM to generate a key (AES-256) for encrypting the table. The tablespace key is wrapped using the primary key and stored alongside the encrypted table. For subsequent encrypted tables, only the tablespace key is generated, and the same primary key is used to wrap it.

KMIP Object Configuration window

  2. Here is an example of how to create an encrypted table.

    -- Run in the mysql client as a user allowed to create databases and tables.
    CREATE DATABASE MySQL_TDE_Test;
    USE MySQL_TDE_Test;
    -- ENCRYPTION = 'Y' makes InnoDB encrypt this table's tablespace.
    CREATE TABLE `test_encryption` (
      `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
      `name` varchar(15) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1 ENCRYPTION = 'Y';
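
The ESKM Web UI check above can be paired with a check from the database side. The following queries are an added example, not part of the original procedure; they assume the plugin is registered under the name keyring_okv and that tables use file-per-table tablespaces, as the table created above does.

```sql
-- 1. The keyring plugin must be loaded and ACTIVE; without it,
--    creating a table with ENCRYPTION = 'Y' fails.
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME = 'keyring_okv';

-- 2. Confirm the table created above is flagged as encrypted.
--    The single-character wildcards (_) match either quote style
--    that the server may print around the Y.
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'MySQL_TDE_Test'
  AND CREATE_OPTIONS LIKE '%ENCRYPTION=_Y_%';

-- 3. Coverage check: InnoDB tables in user schemas that are NOT
--    marked encrypted and therefore never request a tablespace key.
SELECT TABLE_SCHEMA, TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE ENGINE = 'InnoDB'
  AND TABLE_SCHEMA NOT IN
      ('mysql', 'sys', 'information_schema', 'performance_schema')
  AND (CREATE_OPTIONS IS NULL
       OR CREATE_OPTIONS NOT LIKE '%ENCRYPTION=_Y_%')
ORDER BY TABLE_SCHEMA, TABLE_NAME;
```

An empty result from the second query means the table was created without encryption, in which case no new key object should be expected in ESKM for it.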