CREATE ENCRYPT RULE

描述

CREATE ENCRYPT RULE 语法用于创建数据加密规则

语法定义

语法 铁路图

  1. CreateEncryptRule ::=
  2.   'CREATE' 'ENCRYPT' 'RULE' ifNotExists? encryptDefinition (',' encryptDefinition)*
  4. ifNotExists ::=
  5.   'IF' 'NOT' 'EXISTS'
  7. encryptDefinition ::=
  8.   ruleName '(' 'COLUMNS' '(' columnDefinition (',' columnDefinition)*  ')' (',' 'QUERY_WITH_CIPHER_COLUMN' '=' ('TRUE' | 'FALSE'))? ')'
  10. columnDefinition ::=
  11.   '(' 'NAME' '=' columnName (',' 'PLAIN' '=' plainColumnName)? ',' 'CIPHER' '=' cipherColumnName (',' 'ASSISTED_QUERY_COLUMN' '=' assistedQueryColumnName)? (',' 'LIKE_QUERY_COLUMN' '=' likeQueryColumnName)? ',' encryptAlgorithmDefinition (',' assistedQueryAlgorithmDefinition)? (',' likeQueryAlgorithmDefinition)? ')' 
  13. encryptAlgorithmDefinition ::=
  14.   'ENCRYPT_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
  16. assistedQueryAlgorithmDefinition ::=
  17.   'ASSISTED_QUERY_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
  19. likeQueryAlgorithmDefinition ::=
  20.   'LIKE_QUERY_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
  22. propertiesDefinition ::=
  23.   'PROPERTIES' '(' key '=' value (',' key '=' value)* ')'
  25. tableName ::=
  26.   identifier
  28. columnName ::=
  29.   identifier
  31. plainColumnName ::=
  32.   identifier
  34. cipherColumnName ::=
  35.   identifier
  37. assistedQueryColumnName ::=
  38.   identifier
  40. likeQueryColumnName ::=
  41.   identifier
  43. encryptAlgorithmType ::=
  44.   string
  46. key ::=
  47.   string
  49. value ::=
  50.   literal

补充说明

  • PLAIN 指定明文数据列,CIPHER 指定密文数据列,ASSISTED_QUERY_COLUMN 指定辅助查询列,LIKE_QUERY_COLUMN 指定模糊查询列;
  • encryptAlgorithmType 指定加密算法类型,请参考 加密算法
  • 重复的 ruleName 将无法被创建;
  • ifNotExists 子句用于避免出现 Duplicate encrypt rule 错误。

示例

创建数据加密规则

  1. CREATE ENCRYPT RULE t_encrypt (
  2. COLUMNS(
  3. (NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
  4. (NAME=order_id, CIPHER =order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
  5. ),QUERY_WITH_CIPHER_COLUMN=true),
  6. t_encrypt_2 (
  7. COLUMNS(
  8. (NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
  9. (NAME=order_id, CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
  10. ), QUERY_WITH_CIPHER_COLUMN=FALSE);

使用 ifNotExists 子句创建数据加密规则

  1. CREATE ENCRYPT RULE IF NOT EXISTS t_encrypt (
  2. COLUMNS(
  3. (NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
  4. (NAME=order_id, CIPHER =order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
  5. ),QUERY_WITH_CIPHER_COLUMN=true),
  6. t_encrypt_2 (
  7. COLUMNS(
  8. (NAME=user_id,PLAIN=user_plain,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
  9. (NAME=order_id, CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='MD5')))
  10. ), QUERY_WITH_CIPHER_COLUMN=FALSE);

保留字

CREATEENCRYPTRULECOLUMNSNAMECIPHERPLAINENCRYPT_ALGORITHMQUERY_WITH_CIPHER_COLUMNTYPETRUEFALSE

相关链接