Does innobackupex support both encryption, compression and stream in parallel

Hello,

I am trying to stream the encrypted backup data to a remote host with the following command but not working. Did I miss something ?

/usr/bin/innobackupex --encrypt=AES256 --encrypt-key-file=keyfile --stream=xbstream --user=root --password=$mysqlPwd --no-timestamp --include="$TARGETDB" --extra-lsndir=$MYCURRENTBASEDIR ./ | ssh $remoteHost “xbstream -x -C /tmp/backup/”

140611 20:47:01 innobackupex: Connecting to MySQL server with DSN ‘dbi:mysql:;mysql_read_default_group=xtrabackup’ as ‘root’ (using password: YES).
140611 20:47:01 innobackupex: Connected to MySQL server
140611 20:47:01 innobackupex: Executing a version check against the server…
140611 20:47:01 innobackupex: Done.
IMPORTANT: Please check that the backup run completes successfully.
At the end of a successful backup run innobackupex
prints “completed OK!”.

innobackupex: Using mysql server version 5.5.32-MariaDB-log

innobackupex: Created backup directory ./
xbcrypt:encrypt: unable to set libgcrypt cipher key - User defined source 1 : Invalid key length
innobackupex: ‘xbstream -c | xbcrypt --encrypt-algo=AES256 --encrypt-key-file=keyfile’ returned with exit code 1.
innobackupex: Error: Failed to stream ‘/…/…/…/var/tmp/backup-my.cnf’: 1 at /usr/bin/innobackupex line 4758.

Thanks,

Resolved. The issue is in my keyfile. :slight_smile:

Hi,

i am also facing the same problem, can you tell me how did you resolve the issue.

I am trying to create enc file like this.

openssl enc -aes-256-cbc -k secret123sec_8dv4j89t4jit4u89t7 -P -md sha1 | grep key | cut -d’=’ -f2 > DB_ENC_STR

just to put this here as it was the fix to my issue and first link on google

https://www.percona.com/doc/percona-xtrabackup/2.1/innobackupex/encrypted_backups_innobackupex.html

Depending on the text editor used for making the KEYFILE, text file in some cases can contain the CRLF and this will cause the key size to grow and thus making it invalid. Suggested way to do this would be to create the file with: echo -n “A1EDC73815467C083B0869508406637E” > /data/backups/keyfile

Hi,
Thank you so much for this topic.
I have a question about exporting the encryption key file.
The error that I have:
encryption: unable to set libgcrypt cipher key - User defined source 1 : Invalid key length
When I checked, I understoot that it’s a problem with the encryption_key file that I exported.
For example, in my script when I replace:
“–encrypt-key-file=${encryptionkeyfile}”
by: “–encrypt-key-=78JKDSKJ78DSKJB37823BUIKDSKJ32HJ”
it works
I would like to know how can I export the key file
I saw somewhere that text file in some cases can contain the CRLF.
Even when I used:
echo -n “A1EDC73815467C083B0869508406637E” > /data/backups/encryption_key
It’s not work.
Some help please!!