Purpose
This statement creates a tablespace logical object. Tablespaces support encryption.
Privilege requirements
To execute the CREATE TABLESPACE statement, the current user must have the CREATE TABLESPACE management privilege. For more information about OceanBase Database privileges, see Privilege classification in MySQL mode.
Syntax
Create an encrypted tablespace.
```sql
CREATE TABLESPACE tablespace_name [ENCRYPTION [=] 'tablespace_encryption_option'];

tablespace_encryption_option:
    N
  | Y
  | AES-256
  | AES-256-GCM
  | AES-128
  | AES-128-GCM
  | AES-192
  | AES-192-GCM
  | SM4-CBC
  | SM4-GCM
```

Create a tablespace.

```sql
CREATE TABLESPACE tablespace_name
    [ADD DATAFILE 'file_name']
    [FILE_BLOCK_SIZE = value]
    USE LOGFILE GROUP logfile_group
    [EXTENT_SIZE [=] extent_size]
    [INITIAL_SIZE [=] initial_size]
    [AUTOEXTEND_SIZE [=] autoextend_size]
    [MAX_SIZE [=] max_size]
    [NODEGROUP [=] nodegroup_id]
    [WAIT]
    [COMMENT [=] 'string']
    [ENGINE [=] engine_name]
```

Notice
Only the syntax with the keyword is supported, and the feature is not effective. This syntax keyword cannot be used with ENCRYPTION. Otherwise, an error will be returned.
Parameters
| Parameter | Description |
|---|---|
| tablespace_name | Specifies the name of the tablespace object to be created. |
| ENCRYPTION | Optional. Specifies the encryption algorithm used for the tablespace. If you do not specify an encryption algorithm using the ENCRYPTION keyword, an unencrypted tablespace is created by default. For more information about the encryption algorithms, see tablespace_encryption_option. |
tablespace_encryption_option
- N: indicates that encryption is not used.
- Y: if Y is used, the default encryption algorithm is AES-256.
- AES-256: uses a 256-bit key for encryption and decryption.
- AES-256-GCM: uses GCM mode with a 256-bit key.
- AES-128: uses a 128-bit key for encryption and decryption.
- AES-128-GCM: uses GCM mode with a 128-bit key.
- AES-192: uses a 192-bit key for encryption and decryption.
- AES-192-GCM: uses GCM mode with a 192-bit key.
- SM4-CBC: SM4 algorithm in CBC mode, where each data block is XORed with the output of the previous block before encryption.
- SM4-GCM: SM4 algorithm in GCM mode, which provides both data encryption and authentication.
Note
- AES (Advanced Encryption Standard) is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. The AES algorithm is block-based and typically encrypts data in 128-bit blocks.
- AES-GCM (Galois/Counter Mode) is a mode of operation for block ciphers such as AES that provides both encryption and data authentication (through a message authentication code).
- The SM4 algorithm has a block length of 128 bits and a key length of 128 bits.
Examples
Create an unencrypted tablespace object.
```sql
CREATE TABLESPACE tablespace001;
```

Create an encrypted tablespace object using transparent data encryption (TDE).

Set the encryption method to built-in transparent encryption.

```sql
ALTER SYSTEM SET tde_method = 'internal';
```

Display the current encryption method configuration.

```sql
SHOW PARAMETERS LIKE 'tde_method';
```

Generate a new primary encryption key.

```sql
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```

Notice
Although this command can be executed, generating a new primary encryption key will fail if the disk space is full.

Create an encrypted tablespace named tablespace2 using the SM4-GCM encryption algorithm.

```sql
CREATE TABLESPACE tablespace002 ENCRYPTION = 'SM4-GCM';
```
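
The following Python linter is an added example, not part of the OceanBase documentation. It applies the rules described on this page (no ENCRYPTION clause or 'N' means unencrypted, 'Y' resolves to AES-256, the -GCM options add authentication) to a DDL script, so that unencrypted or mistyped tablespaces are caught in schema review. The function name, the sample script, and the case-insensitive matching of option values are assumptions of this example.

```python
import re

# Option names from the tablespace_encryption_option list on this page.
VALID = {"AES-256", "AES-256-GCM", "AES-192", "AES-192-GCM",
         "AES-128", "AES-128-GCM", "SM4-CBC", "SM4-GCM"}
HEAD = re.compile(r"^CREATE\s+TABLESPACE\s+(`[^`]+`|\w+)", re.I)
ENC = re.compile(r"\bENCRYPTION\s*=?\s*'([^']*)'", re.I)

def audit_tablespace_ddl(script):
    """Return (name, status, effective_option) for each CREATE TABLESPACE."""
    # Drop "-- ..." line comments, then split on ';'. Simplification of this
    # example: quoted strings are assumed not to contain ';' or '--'.
    script = re.sub(r"--[^\n]*", "", script)
    findings = []
    for raw in script.split(";"):
        stmt = " ".join(raw.split())
        head = HEAD.match(stmt)
        if not head:
            continue  # not a CREATE TABLESPACE statement
        name = head.group(1).strip("`")
        enc = ENC.search(stmt)
        # No ENCRYPTION clause creates an unencrypted tablespace by default.
        # Upper-casing the option value is an assumption of this linter.
        option = enc.group(1).strip().upper() if enc else "N"
        if option == "N":
            findings.append((name, "unencrypted", None))
            continue
        if option == "Y":
            option = "AES-256"  # 'Y' selects the default algorithm
        if option not in VALID:
            findings.append((name, "invalid-option", option))
        elif option.endswith("-GCM"):
            findings.append((name, "encrypted+authenticated", option))
        else:
            findings.append((name, "encrypted", option))
    return findings

# Constructed sample migration script (not from the page).
SAMPLE = """
CREATE TABLESPACE tablespace001;
CREATE TABLESPACE tablespace002 ENCRYPTION = 'SM4-GCM';
create tablespace ts_default encryption 'Y';
CREATE TABLESPACE ts_typo ENCRYPTION = 'AES-512';
CREATE TABLE t1 (c1 INT);
"""

if __name__ == "__main__":
    for finding in audit_tablespace_ddl(SAMPLE):
        print(finding)
```

Statements using the USE LOGFILE GROUP form are reported as unencrypted, because that form cannot carry an ENCRYPTION clause.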