Add SHA256 value of 'before' chunk to xbcrypt payload

Registered by Sergei Glushchenko on 2015-04-15

Extend the xbcrypt header to include a 'before' encryption crc32/MD5/hash or something so that it can be tested after decompression for validity.

Blueprint information

Status:
Complete
Approver:
Sergei Glushchenko
Priority:
High
Drafter:
Sergei Glushchenko
Direction:
Needs approval
Assignee:
Sergei Glushchenko
Definition:
Drafting
Series goal:
Accepted for 2.3
Implementation:
Implemented
Milestone target:
milestone icon 2.3.6
Started by
Sergei Glushchenko on 2016-11-22
Completed by
Sergei Glushchenko on 2016-11-22

Whiteboard

See https://jira.percona.com/browse/PXB-173

When incorrect encryption key specified we should fail with proper error message.
When we are trying to decrypt earlier encrypted backup, we should still keep unencrypted files.
When we are able to verify that files decrypted successfully we should delete encrypted file.

****
   xbcrypt format changed as following:

   1. Bump XBCRYPT header version number, current is "XBCRYP03"

   2. Append 32-byte SHA256 hash of the plaintext to the payload of each
      chunk

   3. Encrypt plaintext payload and hash all together

   4. Both original length and encrypted length fields of the chunk
      header are calculated including these extra 32 bytes.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.