
Re: keyring_file plugin EOF error during master key writing
Posted by: Gaurav Garg
Date: April 09, 2018 03:22AM

Hi Harin,

When there is no key, or when a key rotation request happens, InnoDB calls the keyring plugin to generate a key (in the current code it is using the key sent by InnoDB, which is INNODBKey-my_server_uuid+post_fix_number; I am wondering what the use of my_rand_buffer(key.get(), key_len) in mysql_key_generate is). It will call the bool Keys_container::store_key(IKey* key) function.

bool Keys_container::store_key(IKey* key)
{
  // Write the backup copy first, then add the key to the in-memory hash;
  // either step failing aborts the store.
  if (flush_to_backup() || store_key_in_hash(key))
    return TRUE;
  // Persist the key to the keyring file; on failure roll back the hash entry.
  if (flush_to_storage(key, STORE_KEY))
  {
    remove_key_from_hash(key);
    return TRUE;
  }
  return FALSE;
}


This will call store_key_in_hash. If the key is already present in the hash, it will simply return true; otherwise, in the case of a newly generated key, it will first store that key in the hash and then store it via flush_to_storage, meaning in the keyring file.

So here, in the function store_key_in_hash, I am modifying this->key_id by calling an HTTP GET request which will give me the key INNODBKey-my_key_value-x with the same length as it was generating previously.

bool Keys_container::store_key_in_hash(IKey *key)
{
  // TODO: This can be written more succinctly with C++17's try_emplace.

  // Poster's addition: fetch the master key from the HTTP server and set it in key_id
  key->set_http_master_key();

  string signature= *key->get_key_signature();
  if (keys_hash->count(signature) != 0)
  {
    return true;   // key already present in the hash; store_key treats this as a failure
  }
  else
  {
    keys_hash->emplace(signature, unique_ptr<IKey>(key));
    store_keys_metadata(key);
    return false;  // newly stored; caller goes on to flush_to_storage
  }
}

Here, before storing the key in the hash, I am calling the key->set_http_master_key(); function, which will call my HTTP server and set the key as a string in this->key_id.

It will see that keys_hash->count(signature) does not contain the newly generated key, so it will execute store_keys_metadata and return false, and then it will execute if (flush_to_storage(key, STORE_KEY)) to store the key in the keyring file.


May I know what this SHA256 digest at the end of the keyring file version 2.0 is, and how I can append it while getting the key from my HTTP server?

Thank you very much in advance,

Thanks,

Regards,
Gaurav
gaurav.garg@uniscon.de
