Encrypt MySQL data using AES techniques








CREATE  TABLE `user` (
`id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
`first_name` VARBINARY(100) NULL ,
`address` VARBINARY(200) NOT NULL ,
PRIMARY KEY (`id`)
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8
COLLATE = utf8_general_ci
 
You may be expected the table structure should be:









CREATE  TABLE `user` (
`id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
`first_name` VARCHAR(50) NULL ,
`address` VARCHAR(100) NOT NULL ,
PRIMARY KEY (`id`)
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8
COLLATE = utf8_general_ci
 
To encrypt & decrypt mysql data we will use AES_ENCRYPT() and AES_DECRYPT() functions. These functions used the official AES (Advanced Encryption Standard) algorithm & encode data with a 128-bit key length. 128 bits is much faster and secure enough for most purposes.

Why we used VARBINARY data type instead of VARCHAR:
Because AES_ENCRYPT() encrypts a string and returns a binary string. AES_DECRYPT() decrypts the encrypted string and returns the original string.
AES is a block-level algorithm. So when data encrypted it is padded. So you can calculate the length of the result string using this formula:
1
16 × (trunc(string_length / 16) + 1)
So if your address field structure is = VARCHAR(100) ; //100 length of varchar
Then before your encryption it should be converted
= 16 * (trunc(100/ 16) + 1)
= 16 * (6.25 + 1)
= 16 * 7.25
= 116
So VARCHAR(100) should be converted to  VARBINARY(116) minimum. I suggest use little more like VARBINARY(150) in this case.
Because if AES_DECRYPT() detects invalid data or incorrect padding, it will return NULL. But it is also possible for AES_DECRYPT() to return a non-NULL value (possibly garbage) if the input data or the key is invalid.
Syntax:


AES_ENCRYPT(str, key_str);
AES_DECRYPT(crypt_str,key_str);
 
Please remember, the encryption and decryption will occur based on a key. So you’ve to keep that key in a secret place and using variable you could pass the key to mysql to encrypt and decrypt data.
Now look how I insert data using AES_ENCRYPT, where I used key ‘usa2010′ :


INSERT into user (name, address) VALUES (AES_ENCRYPT('Ram', 'mykey013'),AES_ENCRYPT('Delhi', 'mykey013'));
 
Now look how I decrypt data using AES_DECRYPT:


 SELECT AES_DECRYPT(name, 'mykey'), AES013_DECRYPT(address, 'mykey013') from user;
 
AES_ENCRYPT() and AES_DECRYPT() can be considered the most cryptographically secure encryption functions currently available in MySQL.

And you can get data by jdbc

ResultSet rs = st.executeQuery("select AES_DECRYPT(name, 'mykey013'), AES_DECRYPT(address, 'mykey013') FROM test.table1");
                  while (rs.next()){
                          name = IOUtils.toString(rs.getBinaryStream(1), "UTF-8"); ;
                          address = IOUtils.toString(rs.getBinaryStream(2), "UTF-8");
                          System.out.println("name: "+name);
                          System.out.println("address: "+address);
                  }

Comments

Post a Comment

Popular posts from this blog

Spring Security ACL

Image
ACL Spring Security tutorial By Andrei Tudose and Ovidiu Gheorghies In this article we show how to implement a simple yet meaningful Spring Security based web application using PostgreSQL as a database backend. The learning curve for effective Spring Security usage was pretty steep for us, and we now write the article we wish we would have had in front of our eyes from the very beginning. As die-hard fans of PostgreSQL for its ease of use, scalability and extensibility, we faced a few perks now and then, but having learned how to deal with them, we are now happy to share. Most web applications use security to separate those who have to right to perform an action from those who don’t. In its simplest form, this may mean that registered users may post messages, unregistered users may only read them, while administrators can exercise their free will into editing, deleting, banning or generally annoying people. For more complex and realistic applications, one cannot si...
Read more