Question regarding rsaPublicKey in the caching_sha2_password authentication method. #397

Closed
@bereadyfor

I am using MySQL without SSL and was looking to implement the caching_sha2_password authentication method. However, with jasync, in non-SSL cases, it's required to specify the path for rsaPublicKey.

0b9ea46#diff-b897e8566df858e6d04bc9985b0e40e26cfbfb1b5391cde77900eec7aab6004b

If we need to perform the full authentication flow (using SHA-256 hashing), the process is as follows:
1. If we're connected over SSL, we can send `AuthenticationSwitchResponse` with a plaintext password.
   Note that if we try to do the same over an unsafe connection, the server always rejects the password.
2. If we are not connected over SSL, we can use the provided `rsaPublicKey` (used by the server) to encrypt the
   password, and send it as `AuthenticationSwitchResponse`. See `Sha256PasswordAuthentication` for
   implementation details.
3. If `rsaPublicKey` is not specified, the public key used to encrypt the password can be fetched from the
   server. **This is currently not supported by the driver.**
4. If the authentication was successful, the server caches the password entry, and returns `OkMessage`.
   The next authentication request for the specified user can therefore be done with fast authentication.

I have two questions:

  1. I am using Java, spring-data-r2dbc, and the jasync-api MySQL driver, and defining the MySQL connection URL in application.yml. However, doing it this way doesn’t allow for specifying the path for rsaPublicKey. It seems I have to directly implement JasyncConnectionFactory using Java config. But this method is complex as it requires defining various parameters needed for creating com.github.jasync.sql.db.Configuration, like eventLoopGroup.
    Is there a way to specify the rsaPublicKey path in the connection URL or more easily set it in a Java-based application? Also, is there any plan to provide this feature?

  2. Is there a plan to offer a way to fetch the rsaPublicKey path directly from the server instead of manually inputting it? For instance, in the case of MySQL Connector/J, something akin to the allowPublicKeyRetrieval option.
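
Step 2 of the flow quoted above, as an added example that is not part of the original issue and is not jasync's own code: it loads a PEM public key from a path, XORs the NUL-terminated password with the handshake nonce, and encrypts the result with RSA-OAEP, as the MySQL protocol specifies for servers 8.0.5 and later. The class name, method names, password and nonce are hypothetical, and the key pair is a throwaway generated only so the example runs offline (Java 11+).

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;

public final class RsaPasswordExample {
    // Load an X.509 "BEGIN PUBLIC KEY" PEM file, e.g. a copy of the server's public key.
    static PublicKey loadPublicKey(Path pem) throws Exception {
        String body = Files.readString(pem)
                .replaceAll("-----(BEGIN|END) PUBLIC KEY-----", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // NUL-terminate the password, then XOR it with the nonce, repeating the nonce as needed.
    static byte[] obfuscate(String password, byte[] nonce) {
        byte[] pw = password.getBytes(StandardCharsets.UTF_8);
        byte[] out = Arrays.copyOf(pw, pw.length + 1); // trailing 0x00
        for (int i = 0; i < out.length; i++) {
            out[i] ^= nonce[i % nonce.length];
        }
        return out;
    }

    // RSA-OAEP (SHA-1 with MGF1) over the obfuscated password; the result is the response payload.
    static byte[] encrypt(String password, byte[] nonce, PublicKey key) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(obfuscate(password, nonce));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key written to a temp PEM file, and a fixed nonce.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        Path pem = Files.createTempFile("public_key", ".pem");
        Files.writeString(pem, "-----BEGIN PUBLIC KEY-----\n" + Base64.getMimeEncoder()
                .encodeToString(gen.generateKeyPair().getPublic().getEncoded()) + "\n-----END PUBLIC KEY-----\n");
        byte[] nonce = new byte[20]; // the real nonce comes from the server handshake
        Arrays.fill(nonce, (byte) 0x41);
        byte[] payload = encrypt("example-password", nonce, loadPublicKey(pem));
        System.out.println("payload bytes: " + payload.length); // 256 for a 2048-bit key
    }
}
```

A key file copied from the server out of band is pinned by the client, whereas a key fetched over the same unencrypted connection (what Connector/J's `allowPublicKeyRetrieval` permits) cannot be authenticated before the password is encrypted to it.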
