MySQL Keyring supports keys of different types (encryption algorithms) and lengths:
The available key types depend on which keyring plugin is installed.
The permitted key lengths are subject to multiple factors:
General keyring loadable-function interface limits (for keys managed using one of the keyring functions described in Section 6.4.4.8, “General-Purpose Keyring Key-Management Functions”), or limits from back end implementations. These length limits can vary by key operation type.
In addition to the general limits, individual keyring plugins may impose restrictions on key lengths per key type.
Table 6.23, “General Keyring Key Length Limits” shows
the general key-length limits. (The lower limits for
keyring_aws
are imposed by the AWS KMS
interface, not the keyring functions.)
Table 6.24, “Keyring Plugin Key Types and Lengths” shows the key types
each keyring plugin permits, as well as any plugin-specific
key-length restrictions.
Table 6.23 General Keyring Key Length Limits
Key Operation | Maximum Key Length |
---|---|
Generate key |
2,048 bytes; 1,024 for |
Store key | 2,048 bytes |
Fetch key | 2,048 bytes |
Table 6.24 Keyring Plugin Key Types and Lengths
Plugin Name | Permitted Key Type | Plugin-Specific Length Restrictions |
---|---|---|
keyring_aws |
|
16, 24, or 32 bytes |
keyring_encrypted_file |
|
None None None |
keyring_file |
|
None None None |
keyring_okv |
|
16, 24, or 32 bytes |