更新日期:2024年09月11日
语法
ALTER ENCRYPTION CERTIFICATE OPEN IDENTIFIED BY ‘password’
说明
根据口令打开密文密钥证书,需要用户输入口令对证书解密获取加密密钥,才能对
存储数据加密/解密。
ALTER ENCRYPTION CERTIFICATE CLOSE;
关闭密钥证书,关闭后无法对数据加密/解密,会影响加密列的DML 操作
GBase 8a MPP Cluster 产品手册
4 管理员指南
文档版本953(2022-09-15)
南大通用数据技术股份有限公司
453
注:明文密钥不可关闭,需将明文密钥转为密文密钥才可以关闭。
示例如下:
-----------打开密钥证书示例
gbase> alter encryption certificate open identified by '1111';
Query OK, 0 rows affected (Elapsed: 00:00:04.76)
------------重复open
gbase> alter encryption certificate open identified by '1111';
ERROR 1829 (HY000): encryption certificate already open.
-----------证书不存在
gbase> alter encryption certificate open identified by '1111';
ERROR 1829 (HY000): encryption certificate not exists.
-----------解密失败
gbase> alter encryption certificate open identified by '2222';
ERROR 1829 (HY000): decrypt failed, please check password.
-----------关闭密钥证书
gbase> alter encryption certificate close;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> insert into t1 values(4);
ERROR 1838 (HY000): Encrypt key invalid.
gbase> select * from t1;
ERROR 1838 (HY000): Decrypt key invalid.