Encrypts the specified values using the supplied encryption key and returns a LONG BINARY value.
ENCRYPT( string-expression, key
[, algorithm ]
string-expression The data to be encrypted. Binary values can also be passed to this function. This parameter is case sensitive, even in case-insensitive databases.
key The encryption key used to encrypt the string-expression. This same key must be used to decrypt the value to obtain the original value. This parameter is case sensitive, even in case-insensitive databases.
As with most passwords, it is best to choose a key value that cannot be easily guessed. It is recommended that you choose a value for your key that is at least 16 characters long, contains a mix of uppercase and lowercase, and includes numbers, letters and special characters. You will require this key each time you want to decrypt the data.
Protect your key. Be sure to store a copy of your key in a safe location. A lost key will result in the encrypted data becoming completely inaccessible, from which there is no recovery.
algorithm This optional parameter specifies the algorithm used to encrypt the string-expression. The string-expression must be encrypted using the same algorithm with which it will be decrypted. The algorithm used to implement SQL Anywhere strong encryption is Rijndael: a block encryption algorithm chosen as the new Advanced Encryption Standard (AES) for block ciphers by the National Institute of Standards and Technology (NIST).
On any platform that supports FIPS,, you can also specify a separate FIPS-approved AES algorithm for strong encryption using the AES_FIPS algorithm.
This function returns a LONG BINARY value, which is at most 31 bytes longer than the input string-expression. The value returned by this function is not human-readable. You can use the DECRYPT function to decrypt a string-expression that was encrypted with the ENCRYPT function. To successfully decrypt a string-expression, you must use the same encryption key and algorithm that were used to encrypt the data. If you specify an incorrect encryption key, an error is generated. A lost key will result in inaccessible data, from which there is no recovery.
If you are storing encrypted values in a table, the column should be BINARY or LONG BINARY so that character set conversion is not performed on the data.
SQL/2003 SQL foundation feature outside of core SQL.
The following trigger encrypts the user_pwd column of the user_info table. This column contains users' passwords, and the trigger fires whenever the password value is changed.
CREATE TRIGGER encrypt_updated_pwd BEFORE UPDATE OF user_pwd ON user_info REFERENCING NEW AS new_pwd FOR EACH ROW BEGIN SET new_pwd.user_pwd=ENCRYPT( new_pwd.user_pwd, '8U3dkA' ); END;