MySQL Secure Deployment Guide  /  Block Encryption Mode Configuration

Chapter 10 Block Encryption Mode Configuration

If you use the AES_ENCRYPT() encryption function, a block encryption mode with a CBC mode value and key length of 256 is recommended.

The block_encryption_mode variable controls the block encryption mode. The default setting is aes-128-ecb. Set this option to aes-256-cbc, for example, under the [mysqld] option group in the MySQL configuration file (/etc/my.cnf):


When using the AES_ENCRYPT() function, an initialization vector (the key_str value) must be supplied. This value is required for decryption and should be managed carefully.

For more information about block_encryption_mode configuration, see the AES_DECRYPT() function description. For information about how block modes work, see Block cipher mode of operation.