Mysql Date Encryption - mysql

I am using AES_ENCRYPT method to encrypt the Mysql data's but when i tried it for Mysql Date type field which is not working. How to encrypt Mysql Date field using the AES_ENCRYPT? I have tried it by googleing it but no luck so far.


From the mysql manual:
AES_ENCRYPT() encrypts a string and returns a binary string.
AES_DECRYPT() decrypts the encrypted string and returns the original string.
The input arguments may be any length.
If either argument is NULL, the result of this function is also NULL.
This means you need to store encrypted data in a column of varchar or text type.

Related

Strange answer behavior with SELECT

I have a simple table using a non auto inc INT as primary key.
When querying the table with condition e.g. WHERE id='2,5,6' (unintentionally!) it returns a result set!
Ok, it works, but why?

id is an integer and you compare it with a string '2,5,6'. MySQL converts the string to a number in order to compare the two.
Well, '2,5,6' isn't a number and other DBMS would throw an error. But MySQL uses another approach: it converts character per character until the string is ended or the character is not numeric. So it sees the 2 then the comma. Depending on your settings the comma is the dicimal separater or not. So MySQL either converts to 2 or to 2.5.
Here is the documentation on implicit conversions in MySQL: https://dev.mysql.com/doc/refman/5.5/en/type-conversion.html.
The algorithm on how to convert a string to a number is not explicitly described there, but they say for instance
there are many different strings that may convert to the value 1, such as '1', ' 1', or '1a'.
They also point out in that document that implicit conversion is dangerous, because strings are not converted to DECIMAL (as I would have thought), but to the approximate datatype DOUBLE. So in MySQL we should always avoid implicit conversion from string to number.

MySQL: Which data type can handle special character?

I have MySQL table, and in message field I want to store encrypted data. Encrypted data looks like
�O-�H,,E%P!�O-�H-!E%!P!�O-�H,E%�P!�O-�H,,E$�P"�O-!H,E%P!�O-H+�E%P"
Hence, I cannot store such characters in message either I did utf_general_ci or blog.
Please help me to figure out which datatype can store such characters.

Take a look at this URL: https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
"Many encryption and compression functions return strings for which the result might contain arbitrary byte values. If you want to store these results, use a column with a VARBINARY or BLOB binary string data type. This will avoid potential problems with trailing space removal or character set conversion that would change data values, such as may occur if you use a nonbinary string data type (CHAR, VARCHAR, TEXT)."

AES_DECRYPT How do you check value is already decrypted in mysql

I want to decrypt fields in my database using sql on mysql but before I decrypt I need to check if the fields can be decrypted.
update customer
set name = aes_decrypt(from_base64(name), 'key')
If the provided key is wrong or data is invalid the name field will be set to null;
I have tried adding a where clause like below to make sure the field name is not already decrypted but this doesn't work all the time as the aes_decrypt can return null or garbage if the key is incorrect or data is invalid.
update customer
set name = aes_decrypt(from_base64(name), 'key')
where aes_decrypt(from_base64(name), 'key') is not null.
So how can I check if the returned value is null or "garbage"? Or what other approach is there?
From mysql doc: "it is possible for AES_DECRYPT() to return a non-NULL value (possibly garbage) if the input data or the key is invalid."
garbage example I get: w���� ��Y�'v��Y�m��_
Thanks

Instead of storing raw ciphertext, follow the lead of version 2 of Defuse Security's PHP encryption library:
Use authenticated encryption.
Use a version tag which tells what library was used as well as what version and any optional configuration information you need to add.
Make sure to calculate HMAC(tag || IV || ciphertext) instead of just HMAC(ciphertext).
Store the tag, IV/nonce, ciphertext, and MAC together; preferably as a hex- or base64-encoded string.
Then the question becomes "Do the first N bytes of the string evaluate to a known version tag of my encryption library"?

binary/string casting in MySQL

For archival/historical purposes, after doing an UPDATE on a table in MySQL, I am storing a snapshot of the relevant fields in this table as JSON in a TEXT field of a changelog table. If a table has a varbinary field to securely store sensitive information, I am storing a string representation of the varbinary field by casting the varbinary field to CHAR because I cannot serialize binary data to JSON. This I have done as follows:
SELECT CAST(BinaryField AS CHAR) as CastedValue FROM table
A sample value from the binary field is: 0x774751ECAEC2D03703805E07AB0B8356
and casted value is: wGQ���7�^��V
The original value was stored in a varbinary field using the MySQL aes_encrypt function and a key.
When I try to decrypt this casted value using aes_decrypt, it is returning NULL:
SELECT cast(aes_decrypt('wGQ���7�^��V' ,'mykey') as char) as thedata ;
How can I get my original value back from the casted binary value?

Encrypted data is an array of 8-bit bytes with no encoding. In fact many bytes and byte sequences have no UTF-8 (or any meaningful) character representation.
Ultimatly when the data is decrypted it will be back to it's original encoding.
There is no "casting", it is strictly how you look at the bytes, and it is an encoding that gives bytes some meaning other than just 8-bits.

How can I encrypt a value in MySQL?

I have this code:
CREATE TABLE Person
(
primaryKey int unsigned NOT NULL,
emailAddress mediumblob NOT NULL
);
What attribute (like NOT NULL) can I use so that the emailAddress would be encrypted?
I would greatly appreciate the help. I tried encrypt() but that's giving me errors.

if you looking to encrypt data where you can decrypt it later then you should use ES_ENCRYPT() AND AES_DECRYPT()
According to the Manual
AES_ENCRYPT() encrypts a string and returns a binary string. AES_DECRYPT() decrypts the encrypted string and returns the original string. .
MySQL 5.1 Doc: AES_ENCRYPT() / AES_DECRYPT()
you can use it like this
INSERT INTO table (email)VALUES(AES_ENCRYPT('myemail', 'secrectkey' ))
to read the data that is encrypted you can do this
SELECT AES_DECRYPT(email, 'secrectkey' ) FROM table
where secrectkey is really a secret value that only authorized users should have access to
But if you are looking for hashing "a one way hash that can't be read back in plain text" you can use one of the following functions
MD5('myemail');
OR
PASSWORD('myemail');
OR
SHA1('myemail');
Then your table length depends on the encryption method you use. you can use VARCHAR() if the length of your encrypted message changes. If you know that you will be using fixed length I would use CHAR(exact_length)
Again the length will depend on the method you use.

You have the complete list of encryption functions supported by MySQL DBMS on this official documentation.