Encrypts the specified values using the supplied encryption key, and returns a VARBINARY or LONG VARBINARY.
string-expression – the data to be encrypted. You can also pass binary values to AES_ENCRYPT. This parameter is case-sensitive, even in case-insensitive databases.
key – the encryption key used to encrypt the string-expression. To obtain the original value, also use the same key to decrypt the value. This parameter is case-sensitive, even in case-insensitive databases.
As you should for most passwords, choose a key value that is difficult to guess. Choose a value that is at least 16 characters long, contains a mix of uppercase and lowercase letters, and includes numbers and special characters. You need this key each time you want to decrypt the data.
AES_ENCRYPT returns a VARBINARY value, which is at most 31 bytes longer than the input string-expression. The value returned by this function is the ciphertext, which is not human-readable. You can use the AES_DECRYPT function to decrypt a string-expression that was encrypted with the AES_ENCRYPT function. To successfully decrypt a string-expression, use the same encryption key and algorithm used to encrypt the data. If you specify an incorrect encryption key, an error is generated.
If you are storing encrypted values in a table, the column should be of data type VARBINARY or VARCHAR, and greater than or equal to 32 bytes, so that character set conversion is not performed on the data. (Character set conversion prevents data decryption.) If the length of the VARBINARY or VARCHAR column is fewer than 32 bytes, the AES_DECRYPT function returns an error.
The result data type of an AES_ENCRYPT function may be a LONG BINARY. If you use AES_ENCRYPT in a SELECT INTO statement, you must have an Unstructured Data Analytics Option license, or use CAST and set AES_ENCRYPT to the correct data type and size.