ENCRYPT v16
The ENCRYPT function or procedure uses a user-specified algorithm, key, and optional initialization vector to encrypt RAW, BLOB, or CLOB data. The signature of the ENCRYPT function is:
ENCRYPT (<src> IN RAW, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL) RETURN RAW
The signature of the ENCRYPT procedure is:
ENCRYPT (<dst> INOUT BLOB, <src> IN BLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
or
ENCRYPT (<dst> INOUT BLOB, <src> IN CLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
When invoked as a procedure, ENCRYPT returns BLOB or CLOB data to a user-specified BLOB.
Parameters
dst
dst specifies the name of a BLOB to which to write the output of the ENCRYPT procedure. The ENCRYPT procedure overwrites any existing data currently in dst.
src
src specifies the source data to encrypt. If you're invoking ENCRYPT as a function, specify RAW data. If invoking ENCRYPT as a procedure, specify BLOB or CLOB data.
typ
typ specifies the block cipher type used by ENCRYPT and any modifiers. EDB Postgres Advanced Server supports the block cipher algorithms, modifiers, and cipher suites shown in the table.
| Block cipher algorithms | |
|---|---|
ENCRYPT_DES | CONSTANT INTEGER := 1; |
ENCRYPT_3DES | CONSTANT INTEGER := 3; |
ENCRYPT_AES | CONSTANT INTEGER := 4; |
ENCRYPT_AES128 | CONSTANT INTEGER := 6; |
ENCRYPT_AES192 | CONSTANT INTEGER := 192; |
ENCRYPT_AES256 | CONSTANT INTEGER := 256; |
| Block cipher modifiers | |
CHAIN_CBC | CONSTANT INTEGER := 256; |
CHAIN_ECB | CONSTANT INTEGER := 768; |
| Block cipher padding modifiers | |
PAD_PKCS5 | CONSTANT INTEGER := 4096; |
PAD_NONE | CONSTANT INTEGER := 8192; |
| Block cipher suites | |
DES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_DES + CHAIN_CBC + PAD_PKCS5; |
DES3_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_3DES + CHAIN_CBC + PAD_PKCS5; |
AES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_AES + CHAIN_CBC + PAD_PKCS5; |
key
key specifies the encryption key.
iv
iv (optional) specifies an initialization vector. By default, iv is NULL.
Examples
This example uses the DBMS_CRYPTO.DES_CBC_PKCS5 Block Cipher Suite (a predefined set of algorithms and modifiers) to encrypt a value retrieved from the passwords table:
CREATE TABLE passwords ( principal VARCHAR2(90) PRIMARY KEY, -- username ciphertext RAW(9) -- encrypted password ); CREATE PROCEDURE set_password(username VARCHAR2, cleartext RAW) AS typ INTEGER := DBMS_CRYPTO.DES_CBC_PKCS5; key RAW(128) := 'my secret key'; iv RAW(100) := 'my initialization vector'; encrypted RAW(2048); BEGIN encrypted := dbms_crypto.encrypt(cleartext, typ, key, iv); UPDATE passwords SET ciphertext = encrypted WHERE principal = username; END;
ENCRYPT uses a key value of my secret key and an initialization vector of my initialization vector when encrypting the password. Specify the same key and initialization vector when decrypting the password.
- On this page
- Parameters
- Examples