robertamarton commented on a change in pull request #1825: [TRAFODION-3293] Add
the AES_ENCRYPT Function in the Trafodion SQL Reference Manual
URL: https://github.com/apache/trafodion/pull/1825#discussion_r273133146
##########
File path:
docs/sql_reference/src/asciidoc/_chapters/sql_functions_and_expressions.adoc
##########
@@ -487,6 +487,141 @@ LARGEINT if the precision of the argument is greater
than or equal to
ABS (-20 + 12)
```
+<<<
+[[aes_encrypt_function]]
+== AES_ENCRYPT Function
+
+The AES_ENCRYPT function encrypts a `_string_` using a specified encryption
`_key_` with the AES (Advanced Encryption Standard) algorithm and returns a
binary string.
+
+This function prevents sensitive data from being visible to the public. For
example, use the AES_ENCRYPT function to encrypt person identity number to
preserve user confidentiality.
+
+`AES_ENCRYPT (_string_, _key_)`
+
+[[syntax_description_of_aes_encrypt]]
+=== Syntax Description of AES_ENCRYPT
+
+* `_string_`
++
+is the data to be encrypted.
+
+* `_key_`
++
+is the encryption key to encrypt the `_string_`.
+
++
+TIP: The CQD `block_encryption_mode` controls the mode for the block-based
encryption algorithm. The default mode is the aes-128-ecb, which means the
encryption using a key length of 128 bits and the ECB mode.
+
++
+[cols="50%,50%"]
+|===
+^| *Value* ^| *Mode*
+^| 0 ^| aes-128-ecb
+^| 1 ^| aes-192-ecb
+^| 2 ^| aes-256-ecb
+|===
+
++
+*Example*
+
++
+The following examples show that the AES_ENCRYPT function returns the
different results based on the different modes.
+
++
+** The mode aes_192_ecb is in effect.
+
++
+```
+CQD BLOCK_ENCRYPTION_MODE '1';
+
+--- SQL operation complete.
+```
+
++
+```
+SELECT AES_ENCRYPT ('Technical_Writer','Coder') FROM DUAL;
+
+(EXPR)
+--------------------------------
+4}\îî¢Øã^ûh<á¼Æ7õé³ê!cH^Ð
+```
+
++
+** The mode aes_256_ecb is in effect.
+
++
+```
+CQD BLOCK_ENCRYPTION_MODE '2';
+
+--- SQL operation complete.
+```
+
++
+```
+SELECT AES_ENCRYPT ('Technical_Writer','Coder') FROM DUAL;
+
+(EXPR)
+--------------------------------
+Ô_8ÆðÑ=Uú2g1¥@°Ô3yä
+
+--- 1 row(s) selected.
+```
+
+[[considerations_for_aes_encrypt]]
+=== Considerations for AES_ENCRYPT
+
+Either argument cannot be NULL.
Review comment:
It looks like the function was added by Weiqing Xu, not sure who is familiar
with this function now. I will check around.
Here is the message from his delivery, it looks like there are more values
for the CQD:
[TRAFODION-2228]Add AES_ENCRYPT/AES_DECRYPT functions
Add two functions which used to encrypt and decrypt the data using the
official AES (Advanced Encryption Standard) algorithm.
AES_ENCRYPT(str, key_str[, init_vector])
AES_DECRYPT(crypt_str, key_str[, init_vector])
Both these two function have optional init_vector argument which
provides an initalization vector for block encryption modes that
require it. For modes that require the optional init_vector argument, an
err
occurs if init_vector is missing. For modes that don't need
init_vector, it will raise a unused argument waring if init_vector is
provided.
The new CQD block_encryption_mode controls the mode for
block-based
encryption algorithm. The default value is 0, which use
aes-128-ecb.
CQD value algorithm
0 aes-128-ecb
1 aes_192_ecb
2 aes_256_ecb
3 aes_128_cbc
4 aes_192_cbc
5 aes_256_cbc
6 aes_128_cfb1
7 aes_192_cfb1
8 aes_256_cfb1
9 aes_128_cfb8
10 aes_192_cfb8
11 aes_256_cfb8
12 aes_128_cfb128
13 aes_192_cfb128
14 aes_256_cfb128
15 aes_128_ofb
16 aes_192_ofb
17 aes_256_ofb
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
