WL#1024: Add public key (asymmetric) encryption support to MySQL
Affects: Benchmarks-3.0 — Status: Un-Assigned — Priority: Medium
We now have a lot of functions for symmetric cryptography in MySQL, but we do not have the one for asymmetric replication (RSA or DSA) It would be usable for various encryption scenarios as well as for digital content signing. The exact function list to be added is still to be discussed, here is proposed list 1) CryptoStrong random key string generation. Current random function is based on timer and so can't be treated as very strong. (The amount of calls to function does not help much) Furthermore the whole random status is just 64bit at the moment so it can't be more than 64bit crypto strong anyway. As soon as we have it we can use if for authentication as well. Example: RAND_STRING(length) 2) Key generations Having strong random key we can use it for public/private key generation. Also we can use something as "password" to get the repeatable keys on other system. Example: RSA_GET_PUB_KEY(string,<bits>) RSA_GET_PRIV_KEY(string,<bits>) 3) Encryption functions Example: RSA_ENCRYPT(str,<key1>) RSA_DECRYPT(str,<key2>) 4) KeyChain Support The big question is storing the keys so they do not travel over network all the time and can't be accessed if database content is stolen. The same infrastructure can be later used for table level encryption. Implementation is not complex as in MySQL 4.1 we have hash_stage1 transfered safely from client to server, it can be used for encryption of stored keys. EXAMPLE: KEY_CHAIN_SET("name","value"); KEY_CHAIN_GET("name"); KEY_CHAIN_DELETE("name"); This would allow to use "select @mykey=KEY_CHAIN_GET("mykey")"; to get safe key for encryption. This is more user friendly,generic and secure solution compared to one we have now for DES_ENCRYPT (keys stored in file)
Copyright (c) 2000, 2015, Oracle Corporation and/or its affiliates. All rights reserved.