数据加密
语法说明
CREATE ENCRYPT RULE encryptRuleDefinition [, encryptRuleDefinition] ...
ALTER ENCRYPT RULE encryptRuleDefinition [, encryptRuleDefinition] ...
DROP ENCRYPT RULE tableName [, tableName] ...
encryptRuleDefinition:
tableName(COLUMNS(columnDefinition [, columnDefinition] ...), QUERY_WITH_CIPHER_COLUMN=queryWithCipherColumn)
columnDefinition:
(NAME=columnName [, PLAIN=plainColumnName] , CIPHER=cipherColumnName [, ASSISTED_QUERY_COLUMN=assistedQueryColumnName] [, LIKE_QUERY_COLUMN=likeQueryColumnName], encryptAlgorithm [, assistedQueryAlgorithm] [, likeQueryAlgorithm])
encryptAlgorithm:
ENCRYPT_ALGORITHM(TYPE(NAME=encryptAlgorithmType [, PROPERTIES([algorithmProperties] )] ))
assistedQueryAlgorithm
ASSISTED_QUERY_ALGORITHM(TYPE(NAME=encryptAlgorithmType [, PROPERTIES([algorithmProperties] )] ))
likeQueryAlgorithm
LIKE_QUERY_ALGORITHM(TYPE(NAME=encryptAlgorithmType [, PROPERTIES([algorithmProperties] )] ))
algorithmProperties:
algorithmProperty [, algorithmProperty] ...
algorithmProperty:
key=value
参数解释
名称 |
数据类型 |
说明 |
tableName |
IDENTIFIER |
表名称 |
columnName |
IDENTIFIER |
逻辑数据列名称 |
cipherColumnName |
IDENTIFIER |
加密数据列名称 |
assistedQueryColumnName |
IDENTIFIER |
辅助查询列名称 |
likeQueryColumnName |
IDENTIFIER |
模糊查询列名称 |
encryptAlgorithmType |
STRING |
加密算法类型名称 |
注意事项
PLAIN
指定明文数据列,CIPHER
指定密文数据列;
encryptAlgorithmType
指定加密算法类型,请参考 加密算法;
- 重复的
tableName
将无法被创建;
示例
CREATE ENCRYPT RULE t_encrypt (
COLUMNS(
(NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ASSISTED_QUERY_COLUMN=user_assisted,LIKE_QUERY_COLUMN=user_like,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc'))),ASSISTED_QUERY_ALGORITHM(TYPE(NAME='MD5')), LIKE_QUERY_ALGORITHM(TYPE(NAME='CHAR_DIGEST_LIKE'))),
(NAME=order_id, CIPHER =order_cipher, ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
), QUERY_WITH_CIPHER_COLUMN=true),
t_encrypt_2 (
COLUMNS(
(NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher, ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
(NAME=order_id, CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
), QUERY_WITH_CIPHER_COLUMN=FALSE);
ALTER ENCRYPT RULE t_encrypt (
COLUMNS(
(NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ASSISTED_QUERY_COLUMN=user_assisted,LIKE_QUERY_COLUMN=user_like,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456'))),ASSISTED_QUERY_ALGORITHM(TYPE(NAME='MD5')), LIKE_QUERY_ALGORITHM(TYPE(NAME='CHAR_DIGEST_LIKE'))),
(NAME=order_id,CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
), QUERY_WITH_CIPHER_COLUMN=TRUE);
DROP ENCRYPT RULE t_encrypt,t_encrypt_2;