Skip to main content

Cryptographic functions

Raw encryption functions

Raw encryption functions are basic encryption functions that perform encryption and decryption of data using cryptographic algorithms. Please note they solely apply a cipher to the data and do not provide additional security measures.

encrypt(data bytea, key bytea, type text) -> bytea
decrypt(data bytea, key bytea, type text) -> bytea

The cipher method is specified by type. The syntax of the type string is:

algorithm [-mode][/pad:padding]

algorithm is:

  • aes — AES (Rijndael-128, -192 or -256)

mode is one of:

  • cbc — next block depends on previous (default)
  • ecb — each block is encrypted separately (for testing only)

padding is one of:

  • pkcs — data may be any length (default)
  • none — data must be multiple of cipher block size

The given encryption/decryption key MUST match length 16/24/32 bytes as required by aes-128/192/256.

Examples of type text
aes-cbc/pad:pkcs => AES algorithm, cbc mode, enabling padding
aes => AES algorithm, cbc mode, enabling padding
aes-ecb => AES algorithm, ecb mode, enabling padding
Example of raw encryption functions
SELECT encrypt('Hello, World!', 'my_secret_key111', 'aes-cbc/pad:pkcs');
(1 row)
Example of raw encryption functions
SELECT decrypt('\x9cf6a49f90b3ac816aeeeed286606fdb','my_secret_key111', 'aes-cbc/pad:pkcs');)
(1 row)

Help us make this doc better!