[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
AES_ENCRYPT(string,key_string)
AES_DECRYPT(string,key_string)
The input arguments may be any length. If either argument is NULL
,
the result of this function is also NULL
.
Because AES is a block-level algorithm, padding is used to encode uneven length strings and so the result string length may be calculated as 16*(trunc(string_length/16)+1).
If AES_DECRYPT()
detects invalid data or incorrect padding, it
returns NULL
. However, it is possible for AES_DECRYPT()
to return a non-NULL
value (possibly garbage) if the input data or
the key is invalid.
You can use the AES functions to store data in an encrypted form by modifying your queries:
INSERT INTO t VALUES (1,AES_ENCRYPT('text','password')); |
You can get even more security by not transferring the key over the connection for each query, which can be accomplished by storing it in a server-side variable at connection time. For example:
SELECT @password:='my password'; INSERT INTO t VALUES (1,AES_ENCRYPT('text',@password)); |
AES_ENCRYPT()
and AES_DECRYPT()
were added in version 4.0.2,
and can be considered the most cryptographically secure encryption
functions currently available in MySQL.
DECODE(crypt_str,pass_str)
crypt_str
using pass_str
as the
password. crypt_str
should be a string returned from
ENCODE()
.
ENCODE(str,pass_str)
str
using pass_str
as the password.
To decrypt the result, use DECODE()
.
The result is a binary string of the same length as string
.
If you want to save it in a column, use a BLOB
column type.
DES_DECRYPT(string_to_decrypt [, key_string])
Decrypts a string encrypted with DES_ENCRYPT()
.
Note that this function works only if MySQL has been configured with SSL support. See section 5.5.9 Using Secure Connections.
If no key_string
argument is given, DES_DECRYPT()
examines
the first byte of the encrypted string to determine the DES key number
that was used to encrypt the original string, and then reads the key
from the des-key-file
to decrypt the message. For this to work,
the user must have the SUPER
privilege.
If you pass this function a key_string
argument, that string
is used as the key for decrypting the message.
If the string_to_decrypt
doesn't look like an encrypted string, MySQL
will return the given string_to_decrypt
.
On error, this function returns NULL
.
DES_ENCRYPT(string_to_encrypt [, (key_number | key_string) ] )
Encrypts the string with the given key using the Triple-DES algorithm.
Note that this function works only if MySQL has been configured with SSL support. See section 5.5.9 Using Secure Connections.
The encryption key to use is chosen the following way:
Argument | Description |
Only one argument | The first key from |
key number | The given key (0-9) from the |
string | The given |
The return string will be a binary string where the first character
will be CHAR(128 | key_number)
.
The 128 is added to make it easier to recognize an encrypted key.
If you use a string key, key_number
will be 127.
On error, this function returns NULL
.
The string length for the result will be
new_length= org_length + (8-(org_length % 8))+1
.
The des-key-file
has the following format:
key_number des_key_string key_number des_key_string |
Each key_number
must be a number in the range from 0 to 9. Lines in
the file may be in any order. des_key_string
is the string that
will be used to encrypt the message. Between the number and the key there
should be at least one space. The first key is the default key that will
be used if you don't specify any key argument to DES_ENCRYPT()
You can tell MySQL to read new key values from the key file with the
FLUSH DES_KEY_FILE
command. This requires the Reload_priv
privilege.
One benefit of having a set of default keys is that it gives applications a way to check for the existence of encrypted column values, without giving the end user the right to decrypt those values.
mysql> SELECT customer_address FROM customer_table WHERE crypted_credit_card = DES_ENCRYPT("credit_card_number"); |
ENCRYPT(str[,salt])
str
using the Unix crypt()
system call. The
salt
argument should be a string with two characters.
(As of MySQL Version 3.22.16, salt
may be longer than two characters.)
mysql> SELECT ENCRYPT("hello"); -> 'VxuFAJXVARROc' |
ENCRYPT()
ignores all but the first 8 characters of str
, at
least on some systems. This behavior is determined by the implementation
of the underlying crypt()
system call.
If crypt()
is not available on your system, ENCRYPT()
always
returns NULL
. Because of this we recommend that you use MD5()
or SHA1()
instead; these two functions exist on all platforms.
MD5(string)
mysql> SELECT MD5("testing"); -> 'ae2b1fca515949e5d54fb22b8ed95575' |
This is the "RSA Data Security, Inc. MD5 Message-Digest Algorithm".
PASSWORD(str)
OLD_PASSWORD(str)
str
. This is
the function that is used for encrypting MySQL passwords for storage
in the Password
column of the user
grant table:
mysql> SELECT PASSWORD('badpwd'); -> '7f84554057dd964b' |
PASSWORD()
encryption is irreversible.
PASSWORD()
does not perform password encryption in the same way that
Unix passwords are encrypted. See ENCRYPT()
.
Note:
The PASSWORD()
function is used by the authentication system in
MySQL Server, you should NOT use it in your own applications.
For that purpose, use MD5()
or SHA1()
instead.
Also see RFC-2195
for more information about handling passwords
and authentication securely in your application.
SHA1(string)
SHA(string)
NULL
in case the input argument was NULL
.
One of the possible uses for this function is as a hash key. You can
also use it as cryptographically safe function for storing passwords.
mysql> SELECT SHA1("abc"); -> 'a9993e364706816aba3e25717850c26c9cd0d89d' |
SHA1()
was added in version 4.0.2, and can be considered
a cryptographically more secure equivalent of MD5()
.
SHA()
is synonym for SHA1()
.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |