MariaDBERRORNotableFunctionsHIGH confidence

The initialization vector supplied to aes_encrypt is too short

Q: How to fix MariaDB 1686 The initialization vector supplied to aes_encrypt is too short?

Provide a 16-byte IV: RANDOM_BYTES(16) generates a cryptographically random 16-byte IV of the correct length.

Production Risk

Medium — encryption calls fail; data is not stored or returned.

What this means

AES_ENCRYPT() or AES_DECRYPT() received an initialization vector (IV) that is shorter than 16 bytes, which is required for CBC, CFB, and OFB block cipher modes.

Why it happens

1IV string passed to AES_ENCRYPT/AES_DECRYPT is fewer than 16 characters/bytes.
2Using a block cipher mode that requires an IV without providing a full-length IV.

How to reproduce

trigger — this will error

SELECT AES_ENCRYPT('secret', 'key', 'short_iv');

expected output

ERROR 1686 (HY000): The initialization vector supplied to aes_encrypt is too short. Must be at least 16 bytes long.

Fix

Provide a 16-byte IV

SELECT AES_ENCRYPT('secret', 'mykey_32bytes___', RANDOM_BYTES(16));

Why this works

RANDOM_BYTES(16) generates a cryptographically random 16-byte IV of the correct length.

What not to do

Sources

Official documentation ↗

MySQL 8.0 — 1686 ER_AES_INVALID_IV

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMariaDB Error Codes

Code1686

ClassFunctions

SeverityERROR

TierNotable

ConfidenceHIGH

← All MariaDB errors