Chapter 6 Security

6.4.4.12 Supported Keyring Key Types and Lengths支持的钥匙圈钥匙类型和长度

~~MySQL Keyring supports keys of different types (encryption algorithms) and lengths:~~MySQL Keyring支持不同类型（加密算法）和长度的密钥：

~~The available key types depend on which keyring plugin is installed.~~可用的密钥类型取决于安装了哪个密钥环插件。
~~The permitted key lengths are subject to multiple factors:~~允许的密钥长度受多种因素影响：
- General keyring loadable-function interface limits (for keys managed using one of the keyring functions described in Section 6.4.4.14, “General-Purpose Keyring Key-Management Functions”), or limits from back end implementations. These length limits can vary by key operation type.通用密钥环可加载功能接口限制（适用于使用第6.4.4.14节，“通用密钥环密钥管理功能”中描述的密钥环功能之一管理的密钥），或后端实现的限制。这些长度限制可能因按键操作类型而异。
- ~~In addition to the general limits, individual keyring plugins may impose restrictions on key lengths per key type.~~除了一般限制外，单个钥匙圈插件可能会对每种钥匙类型的钥匙长度施加限制。

~~Table 6.26, “General Keyring Key Length Limits” shows the general key-length limits.~~ 表6.26“通用钥匙圈钥匙长度限制”显示了通用钥匙长度限制。~~(The lower limits for keyring_aws are imposed by the AWS KMS interface, not the keyring functions.)~~ （keyring_aws的下限是由aws KMS接口而不是密钥环函数施加的。）~~For keyring plugins, Table 6.27, “Keyring Plugin Key Types and Lengths” shows the key types each keyring plugin permits, as well as any plugin-specific key-length restrictions.~~ 对于钥匙圈插件，表6.27“钥匙圈插件密钥类型和长度”显示了每个钥匙圈插件允许的密钥类型，以及任何特定于插件的密钥长度限制。~~For keyring components, the general key-length limits apply and there are no key-type restrictions.~~对于钥匙圈组件，适用一般钥匙长度限制，没有钥匙类型限制。

Table 6.26 ~~General Keyring Key Length Limits~~通用钥匙圈钥匙长度限制

~~Key Operation~~按键操作	~~Maximum Key Length~~最大密钥长度
~~Generate key~~生成密钥	16,384 bytes (2,048 prior to MySQL 8.0.18); 1,024 for `keyring_aws`
~~Store key~~存储密钥	16,384 bytes (2,048 prior to MySQL 8.0.18); 4,096 for `keyring_aws`
~~Fetch key~~获取密钥	16,384 bytes (2,048 prior to MySQL 8.0.18); 4,096 for `keyring_aws`

Table 6.27 ~~Keyring Plugin Key Types and Lengths~~钥匙圈插件钥匙类型和长度

~~Plugin Name~~插件名称	~~Permitted Key Type~~允许的密钥类型	~~Plugin-Specific Length Restrictions~~插件特定长度限制
`keyring_aws`	`AES` `SECRET`	16, 24, or 32 bytes None
`keyring_encrypted_file`	`AES` `DSA` `RSA` `SECRET`	None None None None
`keyring_file`	`AES` `DSA` `RSA` `SECRET`	None None None None
`keyring_hashicorp`	`AES` `DSA` `RSA` `SECRET`	None None None None
`keyring_oci`	`AES`	16, 24, or 32 bytes
`keyring_okv`	`AES` `SECRET`	16, 24, or 32 bytes None

The SECRET key type, available as of MySQL 8.0.19, is intended for general-purpose storage of sensitive data using the MySQL keyring, and is supported by all keyring components and most keyring plugins. 从MySQL 8.0.19开始提供的SECRET密钥类型旨在使用MySQL密钥环对敏感数据进行通用存储，并得到所有密钥环组件和大多数密钥环插件的支持。~~The keyring encrypts and decrypts SECRET data as a byte stream upon storage and retrieval.~~密钥环在存储和检索时将SECRET数据加密和解密为字节流。

~~Example keyring operations involving the SECRET key type:~~涉及SECRET密钥类型的密钥环操作示例：

SELECT keyring_key_generate('MySecret1', 'SECRET', 20);
SELECT keyring_key_remove('MySecret1');

SELECT keyring_key_store('MySecret2', 'SECRET', 'MySecretData');
SELECT keyring_key_fetch('MySecret2');
SELECT keyring_key_length_fetch('MySecret2');
SELECT keyring_key_type_fetch('MySecret2');
SELECT keyring_key_remove('MySecret2');