ENCRYPT v17
The ENCRYPT
function or procedure uses a user-specified algorithm, key, and optional initialization vector to encrypt RAW
, BLOB
, or CLOB
data. The signature of the ENCRYPT
function is:
ENCRYPT (<src> IN RAW, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL) RETURN RAW
The signature of the ENCRYPT
procedure is:
ENCRYPT (<dst> INOUT BLOB, <src> IN BLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
or
ENCRYPT (<dst> INOUT BLOB, <src> IN CLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
When invoked as a procedure, ENCRYPT
returns BLOB
or CLOB
data to a user-specified BLOB
.
Parameters
dst
dst
specifies the name of a BLOB
to which to write the output of the ENCRYPT
procedure. The ENCRYPT
procedure overwrites any existing data currently in dst
.
src
src
specifies the source data to encrypt. If you're invoking ENCRYPT
as a function, specify RAW
data. If invoking ENCRYPT
as a procedure, specify BLOB
or CLOB
data.
typ
typ
specifies the block cipher type used by ENCRYPT
and any modifiers. EDB Postgres Advanced Server supports the block cipher algorithms, modifiers, and cipher suites shown in the table.
Block cipher algorithms | |
---|---|
ENCRYPT_DES | CONSTANT INTEGER := 1; |
ENCRYPT_3DES | CONSTANT INTEGER := 3; |
ENCRYPT_AES | CONSTANT INTEGER := 4; |
ENCRYPT_AES128 | CONSTANT INTEGER := 6; |
ENCRYPT_AES192 | CONSTANT INTEGER := 192; |
ENCRYPT_AES256 | CONSTANT INTEGER := 256; |
Block cipher modifiers | |
CHAIN_CBC | CONSTANT INTEGER := 256; |
CHAIN_ECB | CONSTANT INTEGER := 768; |
Block cipher padding modifiers | |
PAD_PKCS5 | CONSTANT INTEGER := 4096; |
PAD_NONE | CONSTANT INTEGER := 8192; |
Block cipher suites | |
DES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_DES + CHAIN_CBC + PAD_PKCS5; |
DES3_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_3DES + CHAIN_CBC + PAD_PKCS5; |
AES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_AES + CHAIN_CBC + PAD_PKCS5; |
key
key
specifies the encryption key.
iv
iv
(optional) specifies an initialization vector. By default, iv
is NULL
.
Examples
This example uses the DBMS_CRYPTO.DES_CBC_PKCS5
Block Cipher Suite (a predefined set of algorithms and modifiers) to encrypt a value retrieved from the passwords
table:
CREATE TABLE passwords ( principal VARCHAR2(90) PRIMARY KEY, -- username ciphertext RAW(9) -- encrypted password ); CREATE PROCEDURE set_password(username VARCHAR2, cleartext RAW) AS typ INTEGER := DBMS_CRYPTO.DES_CBC_PKCS5; key RAW(128) := 'my secret key'; iv RAW(100) := 'my initialization vector'; encrypted RAW(2048); BEGIN encrypted := dbms_crypto.encrypt(cleartext, typ, key, iv); UPDATE passwords SET ciphertext = encrypted WHERE principal = username; END;
ENCRYPT
uses a key value of my secret key
and an initialization vector of my initialization vector
when encrypting the password. Specify the same key and initialization vector when decrypting the password.
- On this page
- Parameters
- Examples