ENCRYPT function [String]

Encrypts the specified values using the supplied encryption key and returns a LONG BINARY value.

Syntax

ENCRYPT( string-expression, key [, algorithm ] )

algorithm :
'AES'
| 'AES256'
| 'AES_FIPS'
| 'AES256_FIPS'

Parameters

  • string-expression   The data to be encrypted. Binary values can also be passed to this function. This parameter is case sensitive, even in case-insensitive databases.

  • key   The encryption key used to encrypt the string-expression. This same key must be used to decrypt the value to obtain the original value. This parameter is case sensitive, even in case-insensitive databases.

    As with most passwords, it is best to choose a key value that cannot be easily guessed. It is recommended that you choose a value for your key that is at least 16 characters long, contains a mix of uppercase and lowercase, and includes numbers, letters and special characters. You will require this key each time you want to decrypt the data.

    Caution

    For strongly encrypted databases, be sure to store a copy of the key in a safe location. If you lose the encryption key there is no way to access the data, even with the assistance of technical support. The database must be discarded and you must create a new database.

  • algorithm   This optional parameter specifies the algorithm to use when encrypting string-expression. The algorithm used for strong encryption is Rijndael: a block encryption algorithm chosen as the new Advanced Encryption Standard (AES) for block ciphers by the National Institute of Standards and Technology (NIST).

    You can specify one of the FIPS algorithms for algorithm on any platform that supports FIPS.

    If algorithm is not specified, AES is used by default. If the database server was started using the -fips server option, AES_FIPS is used as the default instead.

Returns

LONG BINARY

Remarks

The LONG BINARY value returned by this function is at most 31 bytes longer than the input string-expression. The value returned by this function is not human-readable. You can use the DECRYPT function to decrypt a string-expression that was encrypted with the ENCRYPT function. To successfully decrypt a string-expression, you must use the same encryption key and algorithm that were used to encrypt the data. If you specify an incorrect encryption key, an error is generated. A lost key will result in inaccessible data, from which there is no recovery.

If you are storing encrypted values in a table, the column should be BINARY or LONG BINARY so that character set conversion is not performed on the data.
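
The following round trip is an added example, not part of the original documentation. It stores an encrypted value in a LONG BINARY column, decrypts it with the same key and algorithm, and reports the size overhead described above. The table demo_secret, the variable demo_key, and the key and data values are constructed for illustration.

```sql
-- Constructed demo table; LONG BINARY avoids character set conversion.
CREATE TABLE demo_secret (
    id      INTEGER PRIMARY KEY,
    payload LONG BINARY NOT NULL
);

-- Constructed sample key: more than 16 characters, mixed case, digits, symbols.
CREATE VARIABLE demo_key VARCHAR(64);
SET demo_key = 'c0nstructed-Demo#Key!xQ7';

-- Name the algorithm explicitly so the stored value does not depend on
-- whether the server was started with the -fips option.
INSERT INTO demo_secret ( id, payload )
VALUES ( 1, ENCRYPT( 'constructed sample value', demo_key, 'AES256' ) );

-- DECRYPT needs the same key and the same algorithm. It returns LONG BINARY,
-- so cast the result back to a character type to read it.
SELECT CAST( DECRYPT( payload, demo_key, 'AES256' ) AS VARCHAR(100) ) AS plaintext,
       BYTE_LENGTH( payload ) AS stored_bytes,
       -- Overhead relative to the input; the documented maximum is 31 bytes.
       BYTE_LENGTH( payload ) - BYTE_LENGTH( 'constructed sample value' ) AS overhead_bytes
FROM demo_secret
WHERE id = 1;

-- Clean up the constructed objects.
DROP VARIABLE demo_key;
DROP TABLE demo_secret;
```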

Note

FIPS is not available on all platforms. For a list of supported platforms, see http://www.sybase.com/detail?id=1061806.

Standards and compatibility
  • SQL/2003   SQL foundation feature outside core SQL.

Example

The following trigger encrypts the user_pwd column of the user_info table. This column contains users' passwords, and the trigger fires whenever the password value is changed.

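-- Before each update of user_pwd, replace the new value with its encrypted form.
-- user_pwd should be a BINARY or LONG BINARY column (see Remarks).
-- The key is written inline for brevity; it is shorter than the 16 characters recommended under Parameters.
CREATE TRIGGER encrypt_updated_pwd
BEFORE UPDATE OF user_pwd
ON user_info
REFERENCING NEW AS new_pwd
FOR EACH ROW
BEGIN
    SET new_pwd.user_pwd = ENCRYPT( new_pwd.user_pwd, '8U3dkA' );
END;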