Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 39.3Mb
PDF (A4) - 39.3Mb
PDF (RPM) - 38.5Mb
HTML Download (TGZ) - 10.9Mb
HTML Download (Zip) - 11.0Mb
HTML Download (RPM) - 9.6Mb
Man Pages (TGZ) - 217.9Kb
Man Pages (Zip) - 327.6Kb
Info (Gzip) - 3.6Mb
Info (Zip) - 3.6Mb
Excerpts from this Manual

MySQL 5.7 Reference Manual  /  ...  /  Supported Keyring Key Types and Lengths

6.4.4.7 Supported Keyring Key Types and Lengths

MySQL Keyring supports keys of different types (encryption algorithms) and lengths:

  • The available key types depend on which keyring plugin is installed.

  • The permitted key lengths are subject to multiple factors:

    • General keyring UDF interface limits (for keys managed using one of the keyring UDFs described in Section 6.4.4.8, “General-Purpose Keyring Key-Management Functions”), or limits from back end implementations. These length limits can vary by key operation type.

    • In addition to the general limits, individual plugins may impose restrictions on key lengths per key type.

Table 6.22, “General Keyring Key Length Limits” shows the general key length limits. (The lower limits for keyring_aws are imposed by the AWS KMS interface, not the keyring UDFs.) Table 6.23, “Keyring Plugin Key Types and Lengths” shows for each keyring plugin the key types it permits, as well as any plugin-specific key-length restrictions.

Table 6.22 General Keyring Key Length Limits

Key Operation Maximum Key Length
Generate key

2,048 bytes; 1,024 for keyring_aws

Store key

2,048 bytes

Fetch key

2,048 bytes


Table 6.23 Keyring Plugin Key Types and Lengths

Plugin Name Permitted Key Type Plugin-Specific Length Restrictions
keyring_encrypted_file

AES

DSA

RSA

None

None

None

keyring_file

AES

DSA

RSA

None

None

None

keyring_okv

AES

16, 24, or 32 bytes

keyring_aws

AES

16, 24, or 32 bytes