MySql WorkBench AES 256 Decryption

Question

I have table with: 1) Encrypted_ID varchar (256) 2) Initialization Vector(iv)varchar(256).

I would like to decrypt the column value using the key

I am using:

Answer 1

MySql Workbench worked for me. In my Case, encrypted value was encoded in base 64. So I had to decode base 64 value and IV Using "From_base64" function.

SET block_encryption_mode = 'aes-256-cbc';
set @k = 'Key';
set @iv = From_base64('InitializationVector');
set @v = from_base64('EncryptedValue');
select CAST(AES_DECRYPT(@v, @k, @iv) AS CHAR);

Please make sure the encryption type, base 64 encoding, Hex/Unhex of the values/Iv are correct before you start working on the decryption. Review MYSql functions https://dev.mysql.com/doc/refman/8.0/en/string-functions.html

Hope this helps for someone.

Answer 2

There's actually nothing wrong with your first query, syntactically it's spot on as this worked example demonstrates.

mysql> SET @@SESSION.block_encryption_mode = 'aes-256-cbc';

mysql> create table MyTable(
    ->  Encrypted_ID varbinary(256),
    ->  InitializationVector_iv varbinary(16)
    -> );
Query OK, 0 rows affected (0.93 sec)

mysql> SET @iv = RANDOM_BYTES(16);
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO MyTable SET Encrypted_ID = AES_ENCRYPT('hello','key', @iv), InitializationVector_iv = @iv;
Query OK, 1 row affected (0.17 sec)

mysql> SELECT CAST(AES_DECRYPT(Encrypted_ID,'key', InitializationVector_iv) AS CHAR) from MyTable;
+------------------------------------------------------------------------+
| CAST(AES_DECRYPT(Encrypted_ID,'key', InitializationVector_iv) AS CHAR) |
+------------------------------------------------------------------------+
| hello                                                                  |
+------------------------------------------------------------------------+
1 row in set (0.00 sec)

As for why it's not working, I managed to get the query to return NULL in 2 scenarios. One, you get NULL returned if you use a different iv for encryption and decryption, so you might want to look at how you are storing as the iv. Two, you get NULL where you have the block_encryption_mode variable set differently when storing and trying to retrieve the value, check that you're not accidentally reverting to the default 'aes-128-ebc between sessions. There may be others...

The second query will fail because you need to supply the iv to both of he encryption and decryption functions, you only use it to encrypt. Also, since you are taking the values from the MyTable, Encrypted_ID will already be encrypted and the effect of this query would be to encrypt it again, before reversing that to get you back to the stored (encrypted) value.

Finally, AES is only going to use 16 bytes of the iv so you might as well make that VARBINARY(16).

Answer 3

AES doesn't work with MySQL Workbench in my case. I have to use the mysql console.