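I want MySQL to encrypt data with AES automatically, so that I don't have to do this in the application layer. First question: is this possible? I tried this simple approach:
Table: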
measurement
id INT
value VARBINARY(50)
Trigger:
CREATE DEFINER = CURRENT_USER TRIGGER `openeHealth`.`measurement_BEFORE_INSERT` BEFORE INSERT ON `measurement` FOR EACH ROW
BEGIN
SET @@session.block_encryption_mode = 'aes-256-ecb';
DECLARE vKey = RANDOM_BYTES(256);
SET NEW.value HEX(AES_ENCRYPT(value, vKey));
END
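This is my first time trying to use triggers, so it may be a simple mistake, or MySQL doesn't support something like this.
My test insert has a Double value as the "value".
Yes, I know I need to store the random secret key somewhere. So maybe someone knows how to update another table from the "before insert"?
Thanks a lot
Error message: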
ERROR: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.., 1)' at line 1
SQL Code:
INSERT INTO `openeHealth`.`measurement` (`id`, `owner_id`, `type_id`, `value`, `device_id`) VALUES (1, 1, 1, ..., 1)
Code generated by MySQL Workbench:
START TRANSACTION;
USE `openeHealth`;
INSERT INTO `openeHealth`.`measurement` (`id`, `owner_id`, `type_id`, `value`, `device_id`) VALUES (1, 1, 1, ..., 1);
COMMIT;
Best answer
...
DECLARE is permitted only inside a BEGIN ... END compound statement and must be at its start, before any other statements.
...
Try:
mysql> DROP TABLE IF EXISTS `measurement`;
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE TABLE IF NOT EXISTS `measurement`(
-> `id` INT,
-> `value` VARBINARY(50)
-> );
Query OK, 0 rows affected (0.00 sec)
mysql> DELIMITER //
mysql> CREATE DEFINER=CURRENT_USER TRIGGER `measurement_BEFORE_INSERT` BEFORE INSERT ON `measurement`
-> FOR EACH ROW
-> BEGIN
-> DECLARE `SESSION_block_encryption_mode` VARCHAR(33) DEFAULT @@SESSION.`block_encryption_mode`;
-> -- SET @@session.block_encryption_mode = 'aes-256-ecb';
-> -- DECLARE vKey = RANDOM_BYTES(256);
->
-> SET @@SESSION.`block_encryption_mode` := 'aes-256-ecb';
->
-> -- SET NEW.value HEX(AES_ENCRYPT(value, vKey));
-> SET NEW.`value` := HEX(AES_ENCRYPT(NEW.`value`, RANDOM_BYTES(256)));
-> SET @@SESSION.`block_encryption_mode` := `SESSION_block_encryption_mode`;
-> END//
Query OK, 0 rows affected (0.00 sec)
mysql> DELIMITER ;
mysql> INSERT INTO `measurement`
-> (`id`, `value`)
-> VALUES
-> (1, 'myKey');
Query OK, 1 row affected (0.00 sec)
mysql> SELECT
-> `id`,
-> `value`
-> FROM
-> `measurement`;
+------+----------------------------------+
| id | value |
+------+----------------------------------+
| 1 | 10293FC4F42FC7BAAA91C94EFF004315 |
+------+----------------------------------+
1 row in set (0.00 sec)
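The trigger above encrypts with a `RANDOM_BYTES` key that is never stored, so the row cannot be decrypted later. The following is an added example, not code from the question or the answer: it keeps the per-row key by writing it to a second table from the same BEFORE INSERT trigger, and uses CBC with a random IV instead of ECB. The `measurement_key` table, the variable names and the sample value are assumptions made for illustration; a key stored in the same database only protects against someone who can read `measurement` but not `measurement_key`.

```sql
-- Added example; measurement_key and the v* variable names are hypothetical.
DROP TABLE IF EXISTS `measurement_key`;
DROP TABLE IF EXISTS `measurement`;
CREATE TABLE `measurement` (
  `id`    INT PRIMARY KEY,
  `value` VARBINARY(50)          -- raw ciphertext: 16 bytes per AES block
);
CREATE TABLE `measurement_key` (
  `measurement_id` INT PRIMARY KEY,
  `aes_key` BINARY(32) NOT NULL, -- 256-bit key
  `iv`      BINARY(16) NOT NULL  -- CBC initialization vector
);

DELIMITER //
CREATE TRIGGER `measurement_BEFORE_INSERT` BEFORE INSERT ON `measurement`
FOR EACH ROW
BEGIN
  -- All DECLAREs come first, before any other statement in the block.
  DECLARE vOldMode VARCHAR(33) DEFAULT @@SESSION.block_encryption_mode;
  DECLARE vKey BINARY(32) DEFAULT RANDOM_BYTES(32);
  DECLARE vIv  BINARY(16) DEFAULT RANDOM_BYTES(16);

  SET @@SESSION.block_encryption_mode := 'aes-256-cbc';
  SET NEW.`value` := AES_ENCRYPT(NEW.`value`, vKey, vIv);
  SET @@SESSION.block_encryption_mode := vOldMode;  -- restore caller's mode

  -- A trigger may write to a table other than the one it is defined on.
  INSERT INTO `measurement_key` (`measurement_id`, `aes_key`, `iv`)
  VALUES (NEW.`id`, vKey, vIv);
END//
DELIMITER ;

-- Constructed sample row.
INSERT INTO `measurement` (`id`, `value`) VALUES (1, '36.6');

-- Decryption must run under the same mode the trigger used.
SET @@SESSION.block_encryption_mode = 'aes-256-cbc';
SELECT m.`id`,
       CAST(AES_DECRYPT(m.`value`, k.`aes_key`, k.`iv`) AS CHAR) AS `value`
FROM `measurement` AS m
JOIN `measurement_key` AS k ON k.`measurement_id` = m.`id`;
```

Because `id` is supplied explicitly in this table, `NEW.id` is already set inside the BEFORE INSERT trigger; with an AUTO_INCREMENT column it would still be 0 at that point.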
Regarding MySQL changing the type in a BEFORE INSERT trigger, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/38119286/