调整mySql列的大小以容纳加密数据-多少? [英] Resize mySql columns to accommodate encrypted data - how much?

问题描述

我有使用utf8_general_ci编码的mySql数据库.我的表是InnoDB

I have mySql database which use utf8_general_ci encoding. My tables are InnoDB

CodeIgniter(3.x)被用作构建php应用程序的框架.我的计划是使用CodeIgniter(3.x)加密类对某些数据进行加密增强安全性.

CodeIgniter(3.x) is used as framework to build the php application. My plan is to encrypt some of the data, using the CodeIgniter(3.x) encryption class for enhanced security.

我使用AES-256，并且加密密钥的长度为32个字节(字符)

I use AES-256 and the length of my encryption key is 32 bytes (characters)

大多数将要加密的列当前为varchar(255)类型.我正在考虑增加此值，但我不知道要多少.

Most of the columns that will be encrypted is currently of type varchar(255). I am considering increasing this value, but I don't know for how much.

推荐答案

这实际上归结为您打算使用的操作模式.AES是具有128位块大小的块密码.也就是说，128位明文将产生128位密文.

This really comes down to the mode of operation you intend to use. AES is a block cipher with a block size of 128 bits. That is, 128 bits of plaintext results in 128 bits of ciphertext.

但是...

ECB和CBC之类的操作模式要求，要求输入数据的长度为块大小的倍数.因此，例如，如果您只想加密112位明文，则必须首先将明文填充为块大小的倍数(例如，我们添加2个字节的填充).这通常是由AES实现自动完成的，但这确实意味着加密后的纯文本长度最多可以增加16个字节.

Modes of operation like ECB and CBC require that the input data is a multiple of the block size in length. So if, for example, you want to encrypt only 112 bits of plaintext, then your plaintext must first be padded to be a multiple of the blocksize (e.g. we add 2 bytes of padding). This is usually done automatically by the AES implementation, but it does mean that the length of your plaintext, when encrypted, can increase by up to 16 bytes.

CTR和CFB等操作模式将分组密码转换为流密码.流密码不需要填充，因此将112位明文加密为112位密文.

Modes of operation like CTR and CFB turn block ciphers into stream ciphers. Padding is not required for stream ciphers, so 112 bits of plaintext is encrypted to 112 bits of ciphertext.

您还需要考虑需要先进行IV/nonce.通常，这是一个16字节的值，但是GCM和CTR模式可能会有所不同.我相信默认值是12个字节，但我可能会记错了.

You also need to consider the need to prepend an IV/nonce. Normally this is a 16 byte value, but GCM and CTR mode can vary. I believe the default is 12 bytes, but I may be mistaken.

请牢记上述内容，并假设您希望加密的任何数据都小于或等于原始255字节的限制，则您需要:

Keeping the above in mind, and assuming any data you wish to encrypt is less than or equal to your original 255 byte limit, you will need to:

• 对于ECB，将限制增加到256个字节(16个字节的完美倍数).

• For ECB, increase the limit to 256 bytes (a perfect multiple of 16 bytes).

对于CBC，将限制增加到256 + 16字节(对于IV).

For CBC, increase the limit to 256 + 16 bytes (for the IV).

对于将AES转换为流密码(CTR，CFB等)的模式，数据量可以相同(255字节)，但是您需要为随机数腾出空间，我认为这是通常为12个字节.您需要确认这一点.

For modes that turn AES into a stream cipher (CTR, CFB etc.), the data amount can be the same (255 bytes), but you will need to make room for your nonce, which I think is normally 12 bytes. You'll need to confirm this.

这篇关于调整mySql列的大小以容纳加密数据-多少?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！