6.4.4.6 Supported Keyring Key Types and Lengths
MySQL Keyring supports keys of different types (encryption algorithms) and lengths:
The available key types depend on which keyring plugin is installed.
The permitted key lengths are subject to multiple factors:
General keyring UDF interface limits (for keys managed using one of the keyring UDFs described in Section 6.4.4.8, “General-Purpose Keyring Key-Management Functions”), or limits from back end implementations. These length limits can vary by key operation type.
In addition to the general limits, individual plugins may impose restrictions on key lengths per key type.
Table 6.23, “General Keyring Key Length Limits” shows the general key length limits. (The lower limits for keyring_aws
are imposed by the AWS KMS interface, not the keyring UDFs.) Table 6.24, “Keyring Plugin Key Types and Lengths” shows for each keyring plugin the key types it permits, as well as any plugin-specific key-length restrictions.
Table 6.23 General Keyring Key Length Limits
Key Operation | Maximum Key Length |
---|---|
Generate key | 2,048 bytes; 1,024 for |
Store key | 2,048 bytes |
Fetch key | 2,048 bytes |
Table 6.24 Keyring Plugin Key Types and Lengths
Plugin Name | Permitted Key Type | Plugin-Specific Length Restrictions |
---|---|---|
keyring_aws |
|
16, 24, or 32 bytes |
keyring_encrypted_file |
|
None None None |
keyring_file |
|
None None None |
keyring_okv |
|
16, 24, or 32 bytes |