FirebirdSQL logo
 Procedural SQL (PSQL) StatementsAggregate Functions 

DECRYPT Examples

select decrypt(x'0154090759DF' using sober128 key 'AbcdAbcdAbcdAbcd' iv '01234567')
  from rdb$database;
select decrypt(secret_field using aes mode ofb key '0123456701234567' iv init_vector)
  from secure_table;
See also

[fblangref50-scalarfuncs-encrypt], [fblangref50-scalarfuncs-rsadecrypt]

ENCRYPT()

Encrypts data using a symmetric cipher

Result type

VARBINARY or BLOB

Syntax
ENCRYPT ( input
  USING <algorithm> [MODE <mode>]
  KEY key
  [IV iv] [<ctr_type>] [CTR_LENGTH ctr_length]
  [COUNTER initial_counter] )

<algorithm> ::= <block_cipher> | <stream_cipher>

<block_cipher> ::=
    AES | ANUBIS | BLOWFISH | KHAZAD | RC5
  | RC6 | SAFER+ | TWOFISH | XTEA

<stream_cipher> ::= CHACHA20 | RC4 | SOBER128

<mode> ::= CBC | CFB | CTR | ECB | OFB

<ctr_type> ::= CTR_BIG_ENDIAN | CTR_LITTLE_ENDIAN
Table 1. ENCRYPT Function Parameters
Parameter Description

input

Input to encrypt as a blob or (binary) string

algorithm

The algorithm to use for decryption

mode

The algorithm mode;only for block ciphers

key

The encryption/decryption key

iv

Initialization vector or nonce;should be specified for block ciphers in all modes except ECB, and all stream ciphers except RC4

ctr_type

Endianness of the counter;only for CTR mode.Default is CTR_LITTLE_ENDIAN.

ctr_length

Counter length;only for CTR mode.Default is size of iv.

initial_counter

Initial counter value;only for CHACHA20.Default is 0.
Note

  • This function returns BLOB SUB_TYPE BINARY when the first argument is a BLOB, and VARBINARY for all other text and binary types.

  • Sizes of data strings (like key and iv) must meet the requirements of the selected algorithm and mode, see table [fblangref50-scalarfuncs-tbl-encrypt-req].

    • In general, the size of iv must match the block size of the algorithm

    • For ECB and CBC mode, input must be multiples of the block size, you will need to manually pad with zeroes or spaces as appropriate.

  • The ins and outs of the various algorithms and modes are considered beyond the scope of this language reference.We recommend searching the internet for further details on the algorithms.

  • Although specified as separate options in this Language Reference, in the actual syntax CTR_LENGTH and COUNTER are aliases.
Table 2. Encryption Algorithm Requirements
Algorithm Key size (bytes) Block size (bytes) Notes

Block Ciphers

AES

16, 24, 32

16

Key size determines the AES variant:
16 bytes → AES-128
24 bytes → AES-192
32 bytes → AES-256

ANUBIS

16 - 40, in steps of 4 (4x)

16

 

BLOWFISH

8 - 56

8

 

KHAZAD

16

8

 

RC5

8 - 128

8

 

RC6

8 - 128

16

 

SAFER+

16, 24, 32

16

 

TWOFISH

16, 24, 32

16

 

XTEA

16

8

 

Stream Ciphers

CHACHA20

16, 32

1

Nonce size (IV) is 8 or 12 bytes.For nonce size 8, initial_counter is a 64-bit integer, for size 12, 32-bit.

RC4

5 - 256

1

 

SOBER128

4x

1

Nonce size (IV) is 4y bytes, the length is independent of key size.