Error
Error Code:
65
MySQL Error 65: Invalid Public Key Format
Description
This error indicates that a public key provided to MySQL, typically for SSL/TLS connections or authentication, is not formatted according to the Privacy Enhanced Mail (PEM) standard. It occurs when MySQL attempts to read and process a key file, but its structure or encoding is incorrect.
Error Message
Public key is not in Privacy Enhanced Mail format: '%s'.
Known Causes
4 known causesIncorrect Key Encoding
The public key file is encoded in a format other than PEM (e.g., DER), or contains unsupported characters.
Malformed PEM Structure
The PEM file lacks the correct `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` headers/footers, or contains extra data.
File Corruption or Truncation
The public key file is incomplete or corrupted, preventing MySQL from parsing its PEM structure correctly.
Wrong File Used
An incorrect file, not intended to be a PEM-encoded public key, was specified in the MySQL configuration.
Solutions
3 solutions available1. Verify PEM Format of Public Key easy
Ensure the public key file adheres to the Privacy Enhanced Mail (PEM) standard.
1
Open the public key file in a text editor.
2
Confirm that the file starts with `-----BEGIN PUBLIC KEY-----` and ends with `-----END PUBLIC KEY-----`.
3
Check for any extra characters, whitespace, or missing lines between these delimiters. The content between the delimiters should be Base64 encoded.
4
If the format is incorrect, regenerate or re-download the public key from its source in the correct PEM format.
2. Correct Public Key Content medium
Remove any extraneous characters or formatting from the public key data.
1
If you are directly pasting or providing the public key content, ensure it's pure Base64 encoded data between the BEGIN and END markers.
2
Use a tool or script to clean the key. For example, if the key is in a variable, you might need to strip whitespace or control characters.
sed 's/^[[:space:]]*//;s/[[:space:]]*$//' your_public_key.pem > cleaned_public_key.pem3
Re-apply the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` headers and footers if they were accidentally removed during cleaning.
4
Test the corrected key with your MySQL configuration or command.
3. Ensure Correct Key Type for MySQL medium
Verify that the public key is compatible with the MySQL feature requiring it (e.g., for authentication plugins).
1
Identify which MySQL feature is expecting the public key. Common scenarios include `caching_sha2_password` authentication plugin or TLS/SSL configuration.
2
For `caching_sha2_password`, the public key used for authentication should typically be an RSA public key. Ensure your key is of the correct type and format.
3
If you are configuring TLS/SSL, ensure you are using the correct certificate and key files as per MySQL documentation. The error might indicate a misconfiguration where a private key or a different type of certificate is being provided instead of a public key.
4
Use OpenSSL to inspect the key if unsure.
openssl rsa -in your_public_key.pem -pubout5
If the key is not an RSA public key or is in an incompatible format for the intended MySQL feature, generate a new key of the correct type.