Encrypts the specified values using the supplied encryption key and returns a LONG BINARY value.
ENCRYPT( string-expression, key [, algorithm ] )
algorithm : 'AES' | 'AES256' | 'AES_FIPS' | 'AES256_FIPS'
string-expression The data to be encrypted. Binary values can also be passed to this function. This parameter is case sensitive, even in case-insensitive databases.
key The encryption key used to encrypt the string-expression. This same key must be used to decrypt the value to obtain the original value. This parameter is case sensitive, even in case-insensitive databases.
As with most passwords, it is best to choose a key value that cannot be easily guessed. It is recommended that you choose a value for your key that is at least 16 characters long, contains a mix of uppercase and lowercase, and includes numbers, letters and special characters. You will require this key each time you want to decrypt the data.
For strongly encrypted databases, be sure to store a copy of the key in a safe location. If you lose the encryption key there is no way to access the data, even with the assistance of technical support. The database must be discarded and you must create a new database.
algorithm This optional parameter specifies the algorithm to use when encrypting string-expression. The algorithm used for strong encryption is Rijndael: a block encryption algorithm chosen as the new Advanced Encryption Standard (AES) for block ciphers by the National Institute of Standards and Technology (NIST).
You can specify one of the FIPS algorithms for algorithm on any platform that supports FIPS.
If algorithm is not specified, AES is used by default. If the database server was started using the -fips server option, AES_FIPS is used as the default instead.
The LONG BINARY value returned by this function is at most 31 bytes longer than the input string-expression. The value returned by this function is not human-readable. You can use the DECRYPT function to decrypt a string-expression that was encrypted with the ENCRYPT function. To successfully decrypt a string-expression, you must use the same encryption key and algorithm that were used to encrypt the data. If you specify an incorrect encryption key, an error is generated. A lost key will result in inaccessible data, from which there is no recovery.
If you are storing encrypted values in a table, the column should be BINARY or LONG BINARY so that character set conversion is not performed on the data.
FIPS is not available on all platforms. For a list of supported platforms, see http://www.sybase.com/detail?id=1061806.
SQL/2003 SQL foundation feature outside core SQL.
The following trigger encrypts the user_pwd column of the user_info table. This column contains users' passwords, and the trigger fires whenever the password value is changed.
CREATE TRIGGER encrypt_updated_pwd BEFORE UPDATE OF user_pwd ON user_info REFERENCING NEW AS new_pwd FOR EACH ROW BEGIN SET new_pwd.user_pwd=ENCRYPT( new_pwd.user_pwd, '8U3dkA' ); END;
|Discuss this page in DocCommentXchange.
Send feedback about this page using email.
|Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1|