Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 35.0Mb
PDF (A4) - 35.1Mb
Man Pages (TGZ) - 255.5Kb
Man Pages (Zip) - 360.4Kb
Info (Gzip) - 3.4Mb
Info (Zip) - 3.4Mb
Excerpts from this Manual

MySQL 5.7 Reference Manual  /  ...  /  Supported Keyring Key Types and Lengths

6.4.4.6 Supported Keyring Key Types and Lengths

MySQL Keyring supports keys of different types (encryption algorithms) and lengths:

  • The available key types depend on which keyring plugin is installed.

  • The permitted key lengths are subject to multiple factors:

    • General keyring loadable-function interface limits (for keys managed using one of the keyring functions described in Section 6.4.4.8, “General-Purpose Keyring Key-Management Functions”), or limits from back end implementations. These length limits can vary by key operation type.

    • In addition to the general limits, individual keyring plugins may impose restrictions on key lengths per key type.

Table 6.23, “General Keyring Key Length Limits” shows the general key-length limits. (The lower limits for keyring_aws are imposed by the AWS KMS interface, not the keyring functions.) Table 6.24, “Keyring Plugin Key Types and Lengths” shows the key types each keyring plugin permits, as well as any plugin-specific key-length restrictions.

Table 6.23 General Keyring Key Length Limits

Key Operation Maximum Key Length
Generate key

2,048 bytes; 1,024 for keyring_aws

Store key

2,048 bytes

Fetch key

2,048 bytes


Table 6.24 Keyring Plugin Key Types and Lengths

Plugin Name Permitted Key Type Plugin-Specific Length Restrictions
keyring_aws

AES

16, 24, or 32 bytes

keyring_encrypted_file

AES

DSA

RSA

None

None

None

keyring_file

AES

DSA

RSA

None

None

None

keyring_okv

AES

16, 24, or 32 bytes