Data types for encrypted columns

This section lists the supported and unsupported data types for encrypted columns and discusses the preservation of the original data type of an encrypted column.

The first parameter of the AES_ENCRYPT function must be one of these supported data types:

The LOB data type is not currently supported for Sybase IQ column encryption.

Sybase IQ ensures that the original data type of the plaintext is preserved when decrypting data, if the AES_DECRYPT function is given the data type as a parameter, or is within a CAST function. Sybase IQ compares the target data type of the CAST with the data type of the originally encrypted data. If the two data types do not match, a -1001064 error is returned with details about the original and target data types.

For example, given an encrypted VARCHAR(1) value and this valid decryption statement:

SELECT AES_DECRYPT ( thecolumn, ‘theKey’,
VARCHAR(1) ) FROM thetable

If you attempt to decrypt the data using:

SELECT AES_DECRYPT ( thecolumn, ‘theKey’,
SMALLINT ) FROM thetable

the error returned is:

Decryption error: Incorrect CAST type smallint(5,0)
for decrypt data of type varchar(1,0).

This data type check is made only when supplied. Without the CAST or the data type parameter, the query returns the ciphertext as binary data.

INSERT INTO t (cipherCol) VALUES (AES_ENCRYPT (1, ‘key’))

INSERT INTO t (cipherCol)
VALUES ( AES_ENCRYPT (CAST (1 AS UNSIGNED INTEGER), ‘key’))