
Cryptographic functions

The ENCRYPT() and DECRYPT() functions are used to encrypt and decrypt individual values. Sensitive data is protected against unauthorized access by encryption. Only the users who know the “key” can decrypt the data.

The REP_OF_VALUE() and VALUE_OF_REP() functions can be used to jointly encrypt multiple values and to decrypt them again.

Introductory information on access control by means of data encryption in SESAM/SQL is provided in the “Core manual”.


crypto_function ::= { ENCRYPT ( expression , key ) | DECRYPT ( expression2 , key , data_type ) }

key ::= expression


expression

Expression whose value is to be encrypted. expression must not be a multiple value with dimension > 1.

expression2

Alphanumeric expression whose value is to be decrypted. expression2 must not be a multiple value with dimension > 1.

key

Key for encryption and decryption.

data_type

Data type of the decrypted value. data_type must not be an aggregate (see "Values for multiple columns").

Application information

Since the encryption algorithm AES (see the “Core manual”) - as it is used in SESAM/SQL - processes blocks of 16 characters, the length of the output value is always a multiple of 16 characters. If two input values differ in only one bit, all the characters in their encrypted values will differ.

Encrypted values can be compared to see whether they are identical or not identical. They are identical or not identical precisely when the unencrypted values are identical or not identical. The unencrypted values must have the same data type here. In the case of strings the unencrypted values must also have the same length.

However, the comparisons 01 = 1.0 and 'abc' = 'abc ' each return the truth value TRUE although the encryptions of these four values are all different.

Other comparisons (e.g. with < or <=) of encrypted values return results which have nothing to do with the corresponding comparisons of the unencrypted values. The predicates BETWEEN and LIKE do not make sense for encrypted data, either. The same applies for sorting by means of ORDER BY.

The encryption of a NULL value returns the NULL value of the corresponding data type. Whether or not a value is a NULL value is therefore not confidential information when encryption takes place. The encryption of a string with the length 0, on the other hand, returns a string with the length 16. Without knowing the key no distinction can be made from the encryptions of strings with 1 to 14 alphanumeric characters.

CAUTION! Encrypted values can normally not be decrypted if they are truncated or extended (even if the new length is a multiple of 16). A column with encrypted values should therefore, for example, not have the data type CHAR(20) because then 4 blanks would be added to each encrypted value. These blanks would have to be removed again before decryption could take place.
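
The following SQL is an added example, not taken from the SESAM/SQL manuals. It applies the rules above to one encrypted column: a column length that adds no blanks, an equality search on the encrypted value, and ordering and range selection on the decrypted value. The table and column names, the host variables :CUST_ID, :CARDNO and :ENCKEY, and the plaintext type CHAR(12) are assumptions; the ciphertext length of 16 is assumed from the statement above about strings of 1 to 14 characters and should be checked for the data type actually used.

```sql
-- Hypothetical table: CARD_ENC holds the ENCRYPT() output of a CHAR(12) value.
-- The column is declared with exactly the (assumed) ciphertext length, so no
-- blanks are appended to the stored value. With CHAR(20) instead, 4 blanks
-- would be added and would have to be removed again before DECRYPT().
CREATE TABLE CUSTOMER_CARD
  (CUST_ID   INTEGER NOT NULL,
   CARD_ENC  CHAR(16));

-- Store: cast the plaintext to one fixed data type and length first, so that
-- every row is encrypted from the same type. Encrypting NULL stores NULL.
INSERT INTO CUSTOMER_CARD (CUST_ID, CARD_ENC)
  VALUES (:CUST_ID, ENCRYPT(CAST(:CARDNO AS CHAR(12)), :ENCKEY));

-- Equality search on the encrypted value: the search value is encrypted with
-- the same key, data type and length as at insert time. A value encrypted
-- as a different type or with a different length would never match.
SELECT CUST_ID
  FROM CUSTOMER_CARD
 WHERE CARD_ENC = ENCRYPT(CAST(:CARDNO AS CHAR(12)), :ENCKEY);

-- Range predicates and sorting are only meaningful on the decrypted value,
-- so the comparison and the ORDER BY use the DECRYPT() result.
SELECT CUST_ID,
       DECRYPT(CARD_ENC, :ENCKEY, CHAR(12)) AS CARDNO
  FROM CUSTOMER_CARD
 WHERE DECRYPT(CARD_ENC, :ENCKEY, CHAR(12))
       BETWEEN '400000000000' AND '499999999999'   -- constructed sample bounds
 ORDER BY CARDNO;

-- Whether a value is NULL stays visible without the key.
SELECT COUNT(*)
  FROM CUSTOMER_CARD
 WHERE CARD_ENC IS NULL;
```

Because equal plaintexts of the same type and length produce equal encrypted values, anyone with read access to CARD_ENC can see which rows share a value even without the key.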