Encryption

• Page 1: 1. Create Encryption Policy
• Page 2: 2. Assign the column encryption settings
• Page 3: 3. Grant Encryption Privileges
• Page 4: 4. Save MyDiamo Setting
• Page 5: 5. Migrate Table to MyDiamo Storage

1. Create Encryption Policy

Column Encryption requires five steps.

In order to execute encryption, you will need at least one policy. A policy is a group of encryption settings that will be applied when you encrypt a column of data. If you wish to use a policy that has already been made, then you can skip this step. If this is your first time accessing MyDiamo, then you will need to create an encryption policy.

CREATE POLICY <POLICY_ID>"<ALGORITHM>"<IV>["<PARTIAL-ENC-POS>"<PARTIAL-ENC-OFF>”<BLOCK MODE>”<ENCODE MODE>”<ENC FLAG>]

The part in [] is option. You can type only <POLIC Y_ID>”<ALGORITHM>”<IV> . For example,

MyDiamo > create policy namePolicy”AES”VIV”0”0”CBC”BASE64”00FF
MyDiamo > create policy phoneNum"AES"FIV"0"0"RAW 
MyDiamo > create policy samplePolicy"TDES"FIV

NOTE!

• Encryption Supported Data Type: char, varchar, varbinary, tinyint, smallint, mediumint, int, bigint, float, double, tinyblob, blob, mediumblob, longblob, tinytext, text, mediumtext, longtext, date, time, datetime, timestamp, year
• Partial Encryption Supported Data Type: char, varchar, varbinary
• In case of tinyint, smallint, mediumint, int, bigint, float, double, date, time, datetime, timestamp, year, user can only use FIV as <IV>, CFB, RC4 as <BLOCK MODE>, RAW as <ENCODING MODE>and cannot use <ENC-FLAG>.