> ## Documentation Index
> Fetch the complete documentation index at: https://docs.risingwave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cryptographic functions

> Raw encryption functions are basic encryption functions that perform encryption and decryption of data using cryptographic algorithms.

## `Raw encryption functions`

Please note they solely apply a cipher to the data and do not provide additional security measures.

```sql theme={null}
encrypt(data bytea, key bytea, type text) -> bytea
decrypt(data bytea, key bytea, type text) -> bytea
```

The cipher method is specified by `type`. The syntax of the `type` string is:

```
algorithm [-mode][/pad:padding]
```

`algorithm` is:

* aes — AES (Rijndael-128, -192 or -256)

`mode` is one of:

* cbc — next block depends on previous (default)
* ecb — each block is encrypted separately (for testing only)

`padding` is one of:

* pkcs — data may be any length (default)
* none — data must be multiple of cipher block size

<Note>
  The given encryption/decryption key MUST match length 16/24/32 bytes as required by aes-128/192/256.
</Note>

```Examples of type text theme={null}
aes-cbc/pad:pkcs => AES algorithm, cbc mode, enabling padding
aes => AES algorithm, cbc mode, enabling padding
aes-ecb => AES algorithm, ecb mode, enabling padding
```

```sql Example of raw encryption functions theme={null}
SELECT encrypt('Hello, World!', 'my_secret_key111', 'aes-cbc/pad:pkcs');
----RESULT
\x9cf6a49f90b3ac816aeeeed286606fdb
(1 row)
```

```sql Example of raw encryption functions theme={null}
SELECT decrypt('\x9cf6a49f90b3ac816aeeeed286606fdb','my_secret_key111', 'aes-cbc/pad:pkcs');)
----RESULT
\x48656c6c6f2c20576f726c6421
(1 row)

```

## `hmac`

Returns the `HMAC` result regarding the input secret, payload and hash algorithm. Please refer to [`HMAC`](https://en.wikipedia.org/wiki/HMAC) for more information in cryptography. Currently, the supported hash algorithms for `hash_algo` are `sha1` and `sha256`.

```sql Syntax theme={null}
hmac (secret varchar, payload bytea, hash_algo varchar) -> signature bytea
```

```sql Example theme={null}
SELECT hmac('secret', 'payload'::bytea, 'sha256');
----RESULT
\xb82fcb791acec57859b989b430a826488ce2e479fdf92326bd0a2e8375a42ba4
(1 row)
```
