ALTER COLUMN ENCRYPTION KEY
Function
ALTER COLUMN ENCRYPTION KEY encrypts the CMKs of CEKs in round robin (RR) mode and encrypts the plaintext of CEKs.
Precautions
- This syntax is specific to the fully-encrypted database. When connecting to the database server, enable the fully-encrypted database before using this syntax.
- This syntax takes effect on CMKs only. Encrypting the plaintext of CEKs does not change the ciphertext of the encrypted columns.
Syntax
ALTER COLUMN ENCRYPTION KEY column_encryption_key_name WITH VALUES ( CLIENT_MASTER_KEY = client_master_key_name );
Parameter Description
- column_encryption_key_name
Specifies the key name. In the same namespace, the value of this parameter must be unique.
Value range: a string. It must comply with the naming convention.
- client_master_key_name
Specifies the CMK used to encrypt the CEK. The value is the CMK name, which is created using the CREATE CLIENT MASTER KEY syntax. The encrypted CMKs are different from those specified before RR encryption.
The constraints of using Chinese cryptographic algorithms are as follows:
SM2, SM3, and SM4 are Chinese cryptographic algorithms. To avoid legal risks, these algorithms must be used together. The Chinese cryptographic algorithms used for the RR encryption must be the same as those used before RR encryption.
Example
For details, see 8.15.63-Examples in section "CREATE COLUMN ENCRYPTION KEY."
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot