This plugin implements the caching_sha2_password authentication method, using an in-memory cache for fast authentication or RSA encryption for full verification.
With caching SHA256, the client first sends an SHA256-encrypted password. The MySQL server keeps an in-memory cache of SHA256 keys for successful authentications. On a cache hit, the connection is validated; on a miss, authentication continues with additional steps, in a process similar to sha256_password.
Possible caching SHA256 authentication exchanges:
Client sends an .
Server result is either , or .
If fast authentication result:
If connection uses SSL ( Packet sent):
Client sends a .
Else:
Encryption is XOR(SHA256(password), SHA256(seed, SHA256(SHA256(password)))).
encrypted password.
Result of fast authentication.
authentication result.
A 0x03 value means successful authentication.
A 0x04 value means continue.
password without encryption.
The value sent is 0x02, not 0x01 as used by sha256_password.
fixed 0x02 value.
fixed 0x01 value.
public key data.
RSA encrypted password.
RSA encrypted value of XOR(password, seed) using server public key (RSA_PKCS1_OAEP_PADDING).
This page is licensed: CC BY-SA / Gnu FDL
If the client doesn't know the server's RSA public key:
Client sends a public key request.
Server sends a public key response.
Client sends an RSA encrypted password.
Ends with the server sending either an OK_Packet or an ERR_Packet.
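
The fast authentication step described above, as an added Python example (not code from this page or from the server): it computes the client's XOR value and shows how a server can check it using only a cached SHA256(SHA256(password)). The function names, the cache layout (user mapped to the double hash), the sample user, password and seed, and the order of the two inputs to the inner hash (double hash first, then seed, as MySQL client implementations do) are assumptions.

```python
import hashlib
import hmac

FAST_AUTH_SUCCESS = 0x03   # page: 0x03 means successful authentication
FAST_AUTH_CONTINUE = 0x04  # page: 0x04 means continue with full verification


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_scramble(password: bytes, seed: bytes) -> bytes:
    """Value the client sends first: SHA256(password) masked with a seed-bound hash."""
    stage1 = sha256(password)
    # Assumed input order: SHA256(SHA256(password)) first, then the seed.
    return xor(stage1, sha256(sha256(stage1) + seed))


def server_fast_auth(cache: dict, user: str, seed: bytes, scramble: bytes) -> int:
    """Validate a scramble using only the cached SHA256(SHA256(password))."""
    stage2 = cache.get(user)  # assumed cache layout: user -> double hash
    if stage2 is None or len(scramble) != hashlib.sha256().digest_size:
        return FAST_AUTH_CONTINUE  # cache miss: server asks for full verification
    # Remove the mask to get the claimed SHA256(password), then hash it once more.
    claimed_stage1 = xor(scramble, sha256(stage2 + seed))
    if hmac.compare_digest(sha256(claimed_stage1), stage2):
        return FAST_AUTH_SUCCESS
    return FAST_AUTH_CONTINUE  # mismatch is handled like a miss in this example


if __name__ == "__main__":
    seed = bytes(range(20))  # constructed 20-byte seed; a real server sends random bytes
    cache = {"alice": sha256(sha256(b"s3cret"))}  # constructed cache entry
    for pw in (b"s3cret", b"wrong"):
        result = server_fast_auth(cache, "alice", seed, client_scramble(pw, seed))
        print(pw.decode(), hex(result))
```

Because the seed is mixed into the mask, a value computed for one seed does not validate against a different seed.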