MYSQL: Returning AES encrypted data returns NULL

Asked Jan 12 '19 at 20:44

Active Jan 12 '19 at 20:44

Viewed 15 times

I have a database with AES encrypted data, the encrypted data is stored in BLOBs, but when selecting data with the query below the return is NULL

SELECT aes_decrypt('firstname', 'key') AS firstname, aes_decrypt('lastname', 'key') AS lastname FROM orders

asked Jan 12 '19 at 20:44

40oz

[If AES_DECRYPT() detects invalid data or incorrect padding, it returns NULL.](https://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_aes-decrypt) – Bill Karwin Jan 12 '19 at 20:53
2

If you mean column `lastname` don’t put it into single quotes. Now it’s a string. – Sami Kuhmonen Jan 12 '19 at 20:55
@BillKarwin Wow, returns padding errors, it is a Padding oracle built into MySQL encryption! This is exactly why non-security people should not implement encryption. From this is seems one should not rely on MySQL encryption. Here is the funny part: all they had to do was ignore padding errors, they added code that made it insecure! – zaph Jan 13 '19 at 14:49

0 Answers0