MySQL Secure Deployment Guide  /  Block Encryption Mode Configuration

Chapter 10 Block Encryption Mode Configuration

If you use the AES_ENCRYPT() encryption function, a block encryption mode with a CBC mode value and key length of 256 is recommended.

The block_encryption_mode variable controls the block encryption mode. The default setting is aes-128-ecb. Set this option to aes-256-cbc, for example, under the [mysqld] option group in the MySQL configuration file (/etc/my.cnf):

block_encryption_mode=aes-256-cbc

When using the AES_ENCRYPT() function, an initialization vector (the key_str value) must be supplied. This value is required for decryption and should be managed carefully.

For more information about block_encryption_mode configuration, see the AES_DECRYPT() function description. For information about how block modes work, see Block cipher mode of operation.


User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
Sign Up Login You must be logged in to post a comment.