Home / FAQ

Frequently Asked Questions

#fancy-title-5ab1e24fbce01 a{ color: #274e75; }
Want to better understand encryption and how MyDiamo can secure your open source database while complying to regulations? Check out our list of frequently asked questions below.

General Questions

#fancy-title-5ab1e24fbfb04 a{ color: #274e75; }
01. What is MyDiamo?
MyDiamo is a comprehensive database encryption solution specialized for MySQL, MariaDB, as well as PerconaDB and PostgreSQL (Linux only). In this big data era, encryption functionality alone is not sufficient to protect confidential data. Therefore, MyDiamo reassures every user with not only encryption functions, but also provides access control and auditing features. Visit our blog post to find out more about MyDiamo and encryption.
02. What are the strengths of MyDiamo?
Unlike other encryption software, MyDiamo operates on the DB engine level and is easily deployed upon installation, keeping performance at its highest level without the hassle of additional coding modification.  
MyDiamo is practical because it is able to perform column-level encryption, making it a sophisticated security solution for MySQL, MariaDB, Percona, and PostgreSQL.  
The three primary advantages of column-level encryption are:
1) Selectivity in encrypting data
2) Easy access control management to partial databases
3) Superior performance without code modifications
For further information, check out our blog.
03. What are encryption keys?
Encryption is the process of converting plaintext to ciphertext with a specific algorithm. For each algorithm, encryption keys are required to convert plaintext into ciphertext, vice versa.
04. How are encryption keys managed?
MyDiamo already has a built-in hierarchical key management mechanism. To secure the encryption key, save it in another server, separated from the DB. If you need a dedicated key management that is segregated from the server, Penta Security Systems also provides D’Amo KMS for your use.
05. Will installing MyDiamo affect the access authority of the original data table?
No, installing MyDiamo will not affect the access authority of the original data tables.
06. How to download MyDiamo?
The latest MyDiamo free license packages are available on the Download Page. For MyDiamo Commercial License (MDCL) or other queries, please contact us here.
07. Will encryption affect the size of the overall data?
Yes, like most encryption, the data size expands when encryption is applied. Therefore, the resulting ciphertext will be marginally bigger than the original plaintext.
08. Can I use an existing index when I encrypt a column?
The existing index can not be applied and needs to be deleted. However, partial encryption is suggested if you wish to retain the index.
09. Can exact match (=), partial match search (like), range search (& lt; & gt;) etc. be executed on encrypted columns?
Indexing the encrypted columns is not possible as the sequence will not appear orderly. When performing data retrieval procedure, performance might be affected. Additionally, indexes created before encryption must be deleted in order to maintain consistency in the search results.
10. What kind of information do I need to provide to purchase a license?
The number of cores of the target DB server and internal IP address information are required to validate the license. Additionally, please let us know the number of licenses needed, according to the usage / purpose of the DB server.
11. What is partial encryption?
Partial encryption refers to encrypting only a certain part of data in a column. For example, if you want to encrypt the 3rd to 7th characters in the columns, apply partial encryption here. If the prefix is kept as plaintext, then the order may be preserved.
1234 – 1234 -> 12 endnti 34
4321-4321 -> 43 qlejr; la21  
2222-2222 -> 22anldkfn22  
*Corresponding partial encryption character type: char, varchar, varbinary
12. How can I get help with MyDiamo?
If you have any questions about a feature or encounter unexpected issues, please contact us at mydiamo@pentasecurity.com. Our support team will get back to you as early as possible.  
Meanwhile, please check out our blog and website for more shared information.
13. How can I get in touch in regards to partnerships opportunities with MyDiamo?
For partnerships inquiries, please send us an email at mydiamo@pentasecurity.com.
#accordion-5ab1e24fbfeee .mk-accordion-single.current-item .mk-accordion-tab{ color:#274e75; } #accordion-5ab1e24fbfeee .mk-accordion-pane .inner-box{background-color: #fafafa;}


#fancy-title-5ab1e24fc64a6 a{ color: #274e75; }
01. How can I verify the error that occurs after the installation?
Oftentimes an error may occur due to plugin installation failure. 
To check for error contents, try running the ‘migraiton.sql / plugin.sql’ manually.
02. In cases where the DB has no internet connection, how can I verify the license?
In cases when internet connectivity at the DB level is not possible, please contact Penta Security Systems Co. Ltd at mydiamo@pentasecurity.com. License issuance in file form is available.
03. Why do errors reoccur although I have checked the settings and executed the encryption?
Columns and tables are case-sensitive so please make sure to use the correct case.
04. I did not log the decryption queries during the encryption. How can I cancel the encryption?
It can be restored manually by switching the engine and alphabet string length in “alter table..” syntax.
<Cancellation of cryptographic engine>
i.e.) SQL> alter table t1 engine = ‘INNODB’;
05. How can I changed the attached encryption key and password in the production environment?
Yes, it is possible. You can issue a new key by executing $DAMO_INST_HOME/bin/keygen-e-I [[key file path to change]]
However, additional procedures are required to change the key of the already constructed encryption environment. For further assistance, please contact us.
06. Do I need an OS 'root' user to install MyDiamo?
A user with the ‘root’ authority of the DB server may install MyDiamo. However, it is not always necessary.
07. Are the data encrypted when backing up at MySQL DB (mysqldump)?
You can select plaintext backups or ciphertext backups, depending on your needs.
#accordion-5ab1e24fc6705 .mk-accordion-single.current-item .mk-accordion-tab{ color:#274e75; } #accordion-5ab1e24fc6705 .mk-accordion-pane .inner-box{background-color: #fafafa;}

Product Specification

#fancy-title-5ab1e24fc9b4b a{ color: #274e75; }
01. How can I verify and make sure that my table has been encrypted?
To preview, enter the query “show create table <table name>”.
If the output is shown as ENGINE for “damo_<original storage engine name>,” this means the table is encrypted.
02. How can I encrypt additionally columns after encrypting just one?
First, decrypt the already encrypted table. Next select/add more columns to be encrypted. Then encrypt the tables once again.
03. A 'search error' pops up when accessing an encrypted column. Is it possible to convert the encrypted column into encrypted data or apply making display?
Yes, it is possible. Applying no decryption privilege in different scenarios:
1. Block the user and print the error – SET ENV DECRYPT DENY ERROR
2. Print a blank output – SET ENV DECRYPT DENY EMPTYDATA
3. Print the encrypted data – SET ENV DECRYPT DENY RAWDATA
04. Why isn't the authority of the added users reflected in the encryption environment setting even though I've added them?
First, data defined in MyDiamo needs to be saved.
MyDiamo> save all
The saved information will load when it is refreshed. To restore the information, choose ‘reload’.
MyDiamo> reload all
05. How will the performance be affected if I were to install MyDiamo?
MyDiamo uses transparent column-level encryption (TCE) method and is installed and run at the engine level. As such it has minimal impact on the overall performance. For more information, you may also refer to our blog post “The Three Methods of Database Encryption
06. How will the existing table change after installing MyDiamo?
Once encrypted, the table’s engine is set to MyDiamo Storage Engine.
07. What are the restrictions with data types in terms of encryption?
The following data types can be encrypted:
char, varchar, varbinary, tinyint, smallint, mediumint, int, bigint, float, double, tinyblob, blob, mediumblob, longblob, tinytext, text, mediumtext, longtext
08. Does MyDiamo operates only on the command line?
Yes, currently it is only possible on the command line.
09. What does Version Schema of MyDiamo mean?
MyDiamo has four (4) version numbering schemas.
– First Digits: Major version
– Second Digits: Minor version
– Third Digits: Maintenance version with New Features Added
– Fourth Digits: Maintenance version with Bug Fixes.
For more information, please refer to MyDiamo Specification Page.
10. Is it possible to install MyDiamo in Master / Slave environment? What is the installation process?
Yes, it is possible to install MyDiamo in the Master / Slave environment. To deploy, follow the below instructions:
1. Stop synchronization in Slave server. Input “”mysql> stop slave;””
2. Install MyDiamo in Slave server. 
3. Install MyDiamo in Master server.
4. Set Master CLI Encryption policy.
5. When setting Master CLI, duplicate “”*.damo“” file and keys in Slave.
6. Add privilege for encryption and decryption in Slave CLI as Unknown_User.
7. In the Slave Server, add user and IP from the Master server as Unknown_User and Unknown_Host.
Set PRIV ENC Unknown_User””<DB name>””<Table name>””<Column name>””<encrypiton privilege><decryption privilege>
8. In cases when access is limited for the Slave CLI, give accessible authority as Unknown_Host.
SET PRIV ACCESS Unknown_Host””Unknown_User””<DB name>””<Table name>””<Column name>””<access authority>”
11. What is 'double encryption prevention' in the policy setting?
It is a setting that prevents encrypted data from being re-encrypted.
12. What is the corresponding cryptographic algorithm by MyDiamo?
AES, AES 256, TDES, BLOWFISH, BLOWFISH 256, RC 4, AESNI, AESNI 256 correspond. For the evaluation version, only 128 bits of AES, TDES, BLOWFISH, RC 4, AESNI correspond. Also, AESNI only supports Intel CPU.
#accordion-5ab1e24fc9db1 .mk-accordion-single.current-item .mk-accordion-tab{ color:#274e75; } #accordion-5ab1e24fc9db1 .mk-accordion-pane .inner-box{background-color: #fafafa;}
Have a more specific question to ask us? 
.btn-5ab1e24fd164a { background-color:#2d3147; color:#ffffff; margin-bottom:30px; } .btn-5ab1e24fd164a:hover { background-color:#262a3c; color:#ffffff; }