Reputation: 1533
MySQL AES Encrypting with default key length
I'm using mysql aes to encrypt and decrypt like this:
AES_ENCRYPT('text to encrypt','key')
CAST(AES_DECRYPT(field_name, 'key') AS CHAR (50))
I've read that AES supports 128 192 and 256. Am I correct in assuming that the default unless otherwise changed is 128? Therefore, seeing as the above queries do not define key length will it encrypt and decrypt in the default key length?
If so would it be better to specify the key length in the above queries? Because for example: lets say I encrypt and store data using the default which is 128, but then later the settings change and 256 becomes default, then that means that it will not be able to decrypt it right? Is there a way to define the key length in the above query?
Also, does the pass-key that I use for encryption have to match the key length? for example if i am using 128 key length, does my pass-key need to be below or equal to 128 bit?
Upvotes: 0
Views: 843
Answers (1)
Reputation: 34285
The answers to all these questions are there in the mysql manual on aes_encrypt():
Am I correct in assuming that the default unless otherwise changed is 128?
By default these functions implement AES with a 128-bit key length.
Therefore, seeing as the above queries do not define key length will it encrypt and decrypt in the default key length?
The block_encryption_mode system variable controls the mode for block-based encryption algorithms.
Its default value is aes-128-ecb, which signifies encryption using a key length of 128 bits and ECB mode.
For a description of the permitted values of this variable, see Section 5.1.5, “Server System Variables”.
If so would it be better to specify the key length in the above queries?
There is no key length parameter. See the answer above.
Also, does the pass-key that I use for encryption have to match the key length? for example if i am using 128 key length, does my pass-key need to be below or equal to 128 bit?
For a key length of 128 bits, the most secure way to pass a key to the key_str
argument is to create a truly random 128-bit value and pass it as a binary value.
Upvotes: 3
Related Questions
- Storing AES_ENCRYPT Key
- What is the length I must specify for string encrypted with AES-256-CBC in the database?
- Why mysql AES initialization vector length is always limited to 16 bytes, even if I choose aes-256-cbc mode? Shuldn't it be 32 in this case?
- MySQL AES_DECRYPT returns NULL
- MYSQL | AES encrypt() / decrypt()
- MySQL aes_encrypt padding scheme?
- mysql aes_encrypt into longtext column
- aes_encrypt in MySql without using aes_encrypt in the sql
- using AES_ENCRYPT with VARCHAR in mysql
- Mysql Encryption Key