Updated on 2024-11-30 GMT+08:00

block_encryption_mode Consistency Check

Check whether the block_encryption_mode values of the source and destination databases are the same. If they are different, the destination database may be unavailable after data migration. You are advised to set block_encryption_mode to the same value.

block_encryption_mode is used to set the encryption mode when the encryption and decryption functions are used. If the block_encryption_mode parameter of the source database is different from that of the destination database, the query results of the encryption and decryption functions are different.

For example, if you set block_encryption_mode to aes-128-ecb and run SELECT HEX(AES_ENCRYPT('test','k')), the command output is 1521CE1E7B33581DF75BA0DF53F8F6D3. If you set block_encryption_mode to aes-256-ecb and run SELECT HEX(AES_ENCRYPT('test','k')), the command output is 0201581D9FC84F7BBF136A80E7FC9572. The two command outputs are different. In this case, after the encrypted data in the source database is synchronized to the destination database, the original data cannot be restored after decryption in the destination database.

Failure Cause

The block_encryption_mode values of the source and destination databases must be the same.

Handling Suggestion

  • If related encryption and decryption functions are not used to perform operations on services, skip this check item.
  • To change the block_encryption_mode parameter of a database, perform the following operations:
    • The source database is an on-premises MySQL database.
      • Method 1: Run the following command and restart the database to apply the change:
        SET GLOBAL block_encryption_mode = 'the encryption mode'
      • Method 2: Add the following line to the my.cnf or my.ini configuration file and restart the database to apply the change.
        block_encryption_mode = 'the encryption mode'
    • If the source database is an RDS for MySQL instance on the cloud, change the block_encryption_mode parameter of a database by referring to Modifying Parameters of an RDS for MySQL Instance.