Skip to main content

Raw encryption functions

Please note they solely apply a cipher to the data and do not provide additional security measures. 
encrypt(data bytea, key bytea, type text) -> bytea
decrypt(data bytea, key bytea, type text) -> bytea
The cipher method is specified by type. The syntax of the type string is: 
algorithm [-mode][/pad:padding]
algorithm is:
  • aes — AES (Rijndael-128, -192 or -256)
mode is one of:
  • cbc — next block depends on previous (default)
  • ecb — each block is encrypted separately (for testing only)
padding is one of:
  • pkcs — data may be any length (default)
  • none — data must be multiple of cipher block size
The given encryption/decryption key MUST match length 16/24/32 bytes as required by aes-128/192/256.
of type text
aes-cbc/pad:pkcs => AES algorithm, cbc mode, enabling padding
aes => AES algorithm, cbc mode, enabling padding
aes-ecb => AES algorithm, ecb mode, enabling padding
Example of raw encryption functions
SELECT encrypt('Hello, World!', 'my_secret_key111', 'aes-cbc/pad:pkcs');
----RESULT
\x9cf6a49f90b3ac816aeeeed286606fdb
(1 row)
Example of raw encryption functions
SELECT decrypt('\x9cf6a49f90b3ac816aeeeed286606fdb','my_secret_key111', 'aes-cbc/pad:pkcs');)
----RESULT
\x48656c6c6f2c20576f726c6421
(1 row)

hmac

Returns the HMAC result regarding the input secret, payload and hash algorithm. Please refer to HMAC for more information in cryptography. Currently, the supported hash algorithms for hash_algo are sha1 and sha256.
Syntax
hmac (secret varchar, payload bytea, hash_algo varchar) -> signature bytea
Example
SELECT hmac('secret', 'payload'::bytea, 'sha256');
----RESULT
\xb82fcb791acec57859b989b430a826488ce2e479fdf92326bd0a2e8375a42ba4
(1 row)