|
1 | | -# Encryption functions |
| 1 | +# Encryption user-defined functions |
2 | 2 |
|
3 | 3 | Percona Server for MySQL 8.0.28-20 adds encryption functions and variables to manage the encryption range. The functions may take an algorithm argument. Encryption converts plaintext into ciphertext using a key and an encryption algorithm. |
4 | 4 |
|
| 5 | +## Version updates |
| 6 | + |
| 7 | +Percona Server for MySQL 8.0.40 adds the following: |
| 8 | + |
| 9 | +* Support for `PKCS1 OAEP` padding for RSA encrypt and decrypt operations |
| 10 | + |
| 11 | + <details> |
| 12 | + <summary> `PKCS1 OAEP` padding explanation</summary> |
| 13 | + PKCS1 OAEP (Optimal Asymmetric Encryption Padding) is a cryptographic technique used to add randomness to a message before encryption. This randomness helps to increase the security of the encrypted message. OAEP padding adds a layer of security by making it more difficult for attackers to exploit weaknesses in the encryption algorithm or to recover the original message. |
| 14 | + </details> |
| 15 | + |
| 16 | +* Support for `PKCS1 PSS` padding for RSA sign and verify operations |
| 17 | + |
| 18 | + <details> |
| 19 | + <summary> `PKCS1 PSS` padding explanation</summary> |
| 20 | + PKCS PSS (Probabilistic Signature Scheme) is a cryptographic algorithm used to add randomness to a message before signing it with a private key. This randomness helps to increase the security of the signature and make it more resistant to various attacks. |
| 21 | + </details> |
| 22 | + |
5 | 23 | You can also use the user-defined functions with the PEM format keys generated externally by the OpenSSL utility. |
6 | 24 |
|
7 | 25 | A digest uses plaintext and generates a hash value. This hash value can verify if the plaintext is unmodified. You can also sign or verify on digests to ensure that the original plaintext was not modified. You cannot decrypt the original text from the hash value. |
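Review bot: The new "Version updates" section (new lines 5-21) announces OAEP and PSS support but never says how a caller selects a padding or which padding is used when none is given, so a reader cannot tell whether existing calls change behavior after upgrading to 8.0.40. Please add a sentence naming the argument or variable that selects the padding and the default. Also, on new line 20 the body says "PKCS PSS" while the summary on line 19 says `PKCS1 PSS`; use one name. The description of PSS as adding randomness "to a message before signing it" is loose: PSS is a padding scheme that mixes a random salt into the encoded digest, and the wording could say so.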
@@ -64,7 +82,7 @@ A plaintext as a string. |
64 | 82 |
|
65 | 83 | The following are the function’s parameters: |
66 | 84 |
|
67 | | -* algorithm - the encryption algorithm supports RSA to decrypt the string. |
| 85 | +* algorithm - the encryption algorithm supports RSA to decrypt the string. Percona Server for MySQL 8.0.40 added support for PKCS1 OAEP padding for RSA encrypt operations |
68 | 86 |
|
69 | 87 | * key_str - a string in the PEM format. The key string must have the following attributes: |
70 | 88 |
|
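Review bot: On new line 85 the added sentence says OAEP support was added for "RSA encrypt operations", but the bullet itself is about using RSA "to decrypt the string" and the hunk context shows this function returning a plaintext. That should read "decrypt operations", or "encrypt and decrypt operations" to match the Version updates section. The sentence is also missing its closing period, and it describes a padding mode under the `algorithm` parameter without saying how the padding is passed. Since ciphertext produced with one padding cannot be decrypted with another, note here that the padding must match the one used to encrypt.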
@@ -116,7 +134,7 @@ A signature is a binary string. |
116 | 134 |
|
117 | 135 | The parameters are the following: |
118 | 136 |
|
119 | | -* algorithm - the encryption algorithm supports either RSA or DSA to encrypt the string. |
| 137 | +* algorithm - the encryption algorithm supports either RSA or DSA to encrypt the string. Percona Server for MySQL 8.0.40 added support for PKCS1 PSS padding for RSA sign operations. |
120 | 138 |
|
121 | 139 | * digest_str - the digest binary string that is signed. Invoking create_digest generates the digest. |
122 | 140 |
|
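Review bot: New line 137 attaches the PSS note to the `algorithm` bullet without saying how PSS is requested or whether it applies only when the algorithm is RSA, which the phrase "for RSA sign operations" implies but does not state for DSA users. Please spell out how the padding is chosen and that DSA is unaffected. While this line is being touched, "to encrypt the string" is the wrong verb for a signing function; "to sign the digest" would match the `digest_str` bullet that follows.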
@@ -158,7 +176,7 @@ A `1` (success) or a `0` (failure). |
158 | 176 |
|
159 | 177 | The parameters are the following: |
160 | 178 |
|
161 | | -* algorithm - supports either ‘RSA’ or ‘DSA’. |
| 179 | +* algorithm - supports either ‘RSA’ or ‘DSA’. Percona Server for MySQL 8.0.40 added support for PKCS1 PSS padding for RSA verify operations. |
162 | 180 |
|
163 | 181 | * digest_str - invoking create_digest generates this digest binary string. |
164 | 182 |
|
|
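Review bot: New line 179 should state that verification must use the same padding that was used to sign, and what the function returns when it does not, because the context line only documents `1` (success) or `0` (failure) and a padding mismatch is the most likely new cause of a failed verify after this change. The line also keeps the typographic quotes in ‘RSA’ and ‘DSA’; these are not valid SQL string delimiters if copied, so use backticks as the added sections do for `PKCS1 PSS`.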