匿名用户mysql 8.0中加密的binlog,如何用mysqlbinlog解析?
[root@test_dan data]# mysqlbinlog binlog.000037 -vv -uroot -p123456 -S /tmp/mysql_3338.sock
mysqlbinlog: [Warning] Using a password on the command line interface can be insecure.
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
DELIMITER /*!*/;
ERROR: Reading encrypted log files directly is not supported.
SET @@SESSION.GTID_NEXT= 'AUTOMATIC' /* added by mysqlbinlog */ /*!*/;
DELIMITER ;
# End of log file
/*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=0*/;
提示ERROR: Reading encrypted log files directly is not supported
该如何解析
我来答
添加附件
收藏
分享
问题补充
1条回答
默认
最新
可以手动解密,
参考:https://dev.mysql.com/blog-archive/how-to-manually-decrypt-an-encrypted-binary-log-file/
#!/usr/bin/env bash
set -e
set -o nounset
#
# Functions
#
function usage
{
echo "Usage: $( basename ${0} ) <BINARY LOG FILE> [<KEYRING KEY VALUE>]"
echo "Where:"
echo " <BINARY LOG FILE>:"
echo " The binary or relay log file to be decrypted."
echo " <KEYRING KEY VALUE>:"
echo " The keyring key value to decrypt the file."
echo " It shall be passed in hexadecimal notation."
echo " If not specified, the program will display the key ID that."
echo " is required to decrypt the file."
exit 1
}
function error
{
echo "Error: ${1}" >> /dev/stderr
exit 1
}
function error_and_usage
{
echo "Error: ${1}" >> /dev/stderr
echo ""
usage
}
#
# Parameters sanity check
#
[ ${#} -lt 1 ] && error_and_usage "Please specify the binary log file to decrypt."
[ ${#} -gt 2 ] && error_and_usage "Too many parameters."
# ${BINLOG_FILE} is the encrypted binary log file
BINLOG_FILE="${1}"
[ ! -e "${BINLOG_FILE}" ] && error "Binary log file '${BINLOG_FILE}' not found."
KEYRING_KEY_VALUE=
[ ${#} -eq 2 ] && KEYRING_KEY_VALUE="${2}"
#
# Decryption logic
#
MAGIC=$( hexdump -v -e '/1 "%02X"' ${BINLOG_FILE} -n 4 )
[ "${MAGIC}" != "FD62696E" ] && error "Found invalid magic '0x${MAGIC}' for encrypted binlog file."
VERSION=$( hexdump -v -e '/1 "%i"' ${BINLOG_FILE} -s 4 -n 1 )
[ "${VERSION}" != "1" ] && error "Unsupported binary log encrypted version '${VERSION}'."
OFFSET=5
# First header field is a TLV: the keyring key ID
T1=$( hexdump -v -e '/1 "%i"' ${BINLOG_FILE} -s ${OFFSET} -n 1 )
[ ${T1} -ne 1 ] && error "Invalid field type (${T1}). Keyring key ID (1) was expected."
((OFFSET++))
L1=$( hexdump -v -e '/1 "%i"' ${BINLOG_FILE} -s $OFFSET -n 1 )
((OFFSET++))
V1=$( dd if=${BINLOG_FILE} of=/dev/stdout bs=1 skip=$OFFSET count=${L1} 2> /dev/null )
[ "${KEYRING_KEY_VALUE}" == "" ] && echo "Keyring key ID for '${BINLOG_FILE}' is '${V1}'" && exit 0
OFFSET=$(( ${OFFSET} + ${L1} ))
# Second header field is a TV: the encrypted file password
T2=$( hexdump -v -e '/1 "%i"' ${BINLOG_FILE} -s ${OFFSET} -n 1 )
[ ${T2} -ne 2 ] && error "Invalid field type (${T2}). Encrypted file password (2) was expected."
((OFFSET++))
L2=32
V2=$( hexdump -v -e '/1 "%02X"' ${BINLOG_FILE} -s $OFFSET -n ${L2} )
dd if=${BINLOG_FILE} of=encrypted_file_password bs=1 skip=$OFFSET count=${L2} 2> /dev/null
OFFSET=$(( ${OFFSET} + ${L2} ))
# Third header field is a TV: the IV to decrypt the file password
T3=$( hexdump -v -e '/1 "%i"' ${BINLOG_FILE} -s ${OFFSET} -n 1 )
[ ${T3} -ne 3 ] && error "Invalid field type (${T3}). IV to decrypt file password (3) was expected."
((OFFSET++))
L3=16
V3=$( hexdump -v -e '/1 "%02X"' ${BINLOG_FILE} -s $OFFSET -n ${L3} )
OFFSET=$(( ${OFFSET} + ${L3} ))
# Decrypt the file password
openssl enc -d -aes-256-cbc -K "${KEYRING_KEY_VALUE}" -iv "${V3}" -nopad -in encrypted_file_password -out file_password
rm encrypted_file_password
FILE_PASSWORD=$( hexdump -v -e '/1 "%02X"' file_password )
# Generate the file key and IV
openssl enc -aes-256-cbc -md sha512 -kfile file_password -nosalt -P > file_key_and_iv
rm file_password
FILE_KEY=$( grep 'key' file_key_and_iv | cut -d"=" -f2 )
IV=$( grep 'iv' file_key_and_iv | cut -d"=" -f2 )
rm file_key_and_iv
# Remove the "counter" (64 bits) from the IV
IV=${IV:0:16}
# Decrypt the file data (the binary log content)
dd if=${BINLOG_FILE} of="headless-${BINLOG_FILE}" bs=1 skip=512 2> /dev/null
COUNTER=0000000000000000
openssl enc -d -aes-256-ctr -K "${FILE_KEY}" -iv "${IV}${COUNTER}" -nosalt -in "headless-${BINLOG_FILE}" -out "plain-${BINLOG_FILE}"
rm "headless-${BINLOG_FILE}"
# Check decrypted binary log magic
MAGIC=$( hexdump -v -e '/1 "%02X"' "plain-${BINLOG_FILE}" -n 4 )
[ "${MAGIC}" != "FE62696E" ] && error "Found invalid magic '0x${MAGIC}' for decrypted binlog file."
echo "'${BINLOG_FILE}' was successfully decrypted as 'plain-${BINLOG_FILE}'".
复制
评论
有用 1 打赏 0
回答交流
Markdown
请输入正文
提交
相关推荐
12G的sql文件如何快速恢复导入到数据库内
回答 2
mysqluDBUSERpDBPASSDDBNAME<FILEPATH同时可以调整innodbflushlogattrxcommit、syncbinlog的参数,在可以接受的情况改为两个0,可加
MySQL a表拼接字段怎么更新到b表?
回答 2
问题表述模糊不清。updateajoinbona.idb.idsetb.colnameconcat(a.colname,a.colname2)
mysql 迁移opengauss 应用服务的迁移, 有没有工具支撑?
回答 1
暂无文字回复
在mysql5.7版本中,重命名数据库的方法通常有几种?
回答 5
已采纳
1.RENAMEDATABASEdbnameTOnewdbname2.如果所有表都是MyISAM类型的话,可以改文件夹的名字3.重命名所有的表4.mysqldump导出数据再导入5.使用Shell脚本
mysql 5.7 要创建 myisam 类型的表, 需要怎么创建?
回答 2
已采纳
showcreatetablekeweitest110\G1.rowTable:keweitest110CreateTable:CREATETABLEkeweitest110(idint(2)NOTN
MySQL 8.0.31新增特性是以下哪一个
回答 1
已采纳
B并行创建索引
mysql大小写
回答 6
已采纳
不知道你说的是不是大小写敏感的问题。如果是的话,安装mysql版本后,linux环境下默认是大小写敏感的。修改配置文件/etc/mysql/my.cnf[mysqld]节点下加入:lowercaset
xtrbackup在备份从库的时候,如果这个时候有业务写入,将导致主从复制延迟,这个问题有法解决没?
回答 3
专门配置一台从库来备份数据
MySQL无法正常启动,日志错误如下
回答 5
那你关闭的时候不是干净关闭的?有事务需要recover,如果想启动数据库的话,设置参数innodbforcerecovery6,不执行recover操作,启动以后把数据导出来,重建数据库把。
MYSQL 是否有锁设置并发更新数?
回答 1
innodbthreadconcurrency,如果设置为0,则表示不限制,mysql数据库服务器会尽可能地处理请求非0的话,表示并发数,建议设置小于等于cpu核数;
问题信息
请登录之后查看
邀请回答
暂无人订阅该标签,敬请期待~~
