MariaDB starting with 11.3

KDF() is a key derivation function introduced in MariaDB 11.3.0.


KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]])


KDF is a key derivation function, similar to OpenSSL's EVP_KDF_derive(), useful for generating good encryption keys for AES_ENCRYPT.

  • kdf_name is "hkdf" or "pbkdf2_hmac" (default)
  • width (in bits) can be any number divisible by 8, by default it's taken from @@block_encryption_mode
  • iterations must be positive, and is 1000 by default

Note that OpenSSL 1.0 doesn't support HKDF, so in this case NULL is returned. This OpenSSL version is still used in SLES 12 and CentOS 7.


select hex(kdf('foo', 'bar', 'infa', 'hkdf')); 
| hex(kdf('foo', 'bar', 'infa', 'hkdf')) |
| 612875F859CFB4EE0DFEFF9F2A18E836       |


Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.