trafodion-codereview mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [trafodion] robertamarton commented on a change in pull request #1825: [TRAFODION-3293] Add the AES_ENCRYPT Function in the Trafodion SQL Reference Manual
Date Mon, 08 Apr 2019 16:55:16 GMT
robertamarton commented on a change in pull request #1825: [TRAFODION-3293] Add the AES_ENCRYPT
Function in the Trafodion SQL Reference Manual
URL: https://github.com/apache/trafodion/pull/1825#discussion_r273144283
 
 

 ##########
 File path: docs/sql_reference/src/asciidoc/_chapters/sql_functions_and_expressions.adoc
 ##########
 @@ -487,6 +487,141 @@ LARGEINT if the precision of the argument is greater than or equal
to
 ABS (-20 + 12)
 ```
 
+<<<
+[[aes_encrypt_function]]
+== AES_ENCRYPT Function
+ 
+The AES_ENCRYPT function encrypts a `_string_` using a specified encryption `_key_` with
the AES (Advanced Encryption Standard) algorithm and returns a binary string. 
+
+This function prevents sensitive data from being visible to the public. For example, use
the AES_ENCRYPT function to encrypt person identity number to preserve user confidentiality.
+
+`AES_ENCRYPT (_string_, _key_)`
+
+[[syntax_description_of_aes_encrypt]]
+=== Syntax Description of AES_ENCRYPT
+
+* `_string_` 
++
+is the data to be encrypted. 
+
+* `_key_` 
++
+is the encryption key to encrypt the `_string_`.
+
++
+TIP: The CQD `block_encryption_mode` controls the mode for the block-based encryption algorithm.
The default mode is the aes-128-ecb, which means the encryption using a key length of 128
bits and the ECB mode.
+
++
+[cols="50%,50%"]
+|===
+^| *Value* ^| *Mode*
+^| 0 ^| aes-128-ecb
+^| 1 ^| aes-192-ecb
+^| 2 ^| aes-256-ecb
+|===
+
++
+*Example*
+
++
+The following examples show that the AES_ENCRYPT function returns the different results based
on the different modes. 
+
++
+** The mode aes_192_ecb is in effect.
+
++
+```
+CQD BLOCK_ENCRYPTION_MODE '1';
+
+--- SQL operation complete.
+```
+
++
+```
+SELECT AES_ENCRYPT ('Technical_Writer','Coder') FROM DUAL;
+
+(EXPR)
+--------------------------------
+4}\îî¢Ø­ã^ûh<á¼Æ7õé³ê!cH^Ð
+```
+
++
+** The mode aes_256_ecb is in effect. 
+
++
+```
+CQD BLOCK_ENCRYPTION_MODE '2';
+
+--- SQL operation complete.
+```
+
++
+```
+SELECT AES_ENCRYPT ('Technical_Writer','Coder') FROM DUAL;
+
+(EXPR)
+--------------------------------
+Ô_8ÆðÑ=Uú2g1¥@°Ô3yä­
+
+--- 1 row(s) selected.
+```
+
+[[considerations_for_aes_encrypt]]
+=== Considerations for AES_ENCRYPT 
+
+Either argument cannot be NULL. 
 
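Review bot: In the TIP and its mode table, every value of `block_encryption_mode` is an ECB mode, but neither the TIP nor the Considerations section says that ECB is deterministic: the same `_string_` under the same `_key_` always yields the same ciphertext, and equal 16-byte plaintext blocks produce equal ciphertext blocks. For the use case the description gives (encrypting a person identity number), anyone who can read the column can still see which rows hold equal values, so "This function prevents sensitive data from being visible to the public" overstates what the function provides; suggest adding a consideration that says so. The syntax description also does not say how `_key_` is mapped to the 128, 192 or 256 bits the mode requires (both examples pass the five-character key 'Coder'), and that should be documented. Smaller points: the first example lacks the `--- 1 row(s) selected.` line that the second one has, the bullets write aes_192_ecb where the table writes aes-192-ecb, and "Either argument cannot be NULL" would read better as "Neither argument can be NULL".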
 Review comment:
   It looks like OpenSSL defines the max key length to use.  Its size depends on the version
of OpenSSL installed.  On development systems it is 64 (/usr/bin/openssl/evp.h) but it looks
like it can go up to 512 and beyond (https://github.com/openssl/openssl/issues/4777).
   
   I looked up OpenSSL; here is what it states for encrypted length (https://www.openssl.org/docs/man1.0.2/man3/EVP_EncryptUpdate.html):
   
   EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the encrypted version
to out. This function can be called multiple times to encrypt successive blocks of data. The
amount of data written depends on the block alignment of the encrypted data: as a result the
amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so
out should contain sufficient room. The actual number of bytes written is placed in outl.
   
   So, I guess for now, not mention the encrypted length until we can come up with a formula.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
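
The length accounting the quoted EVP_EncryptUpdate text describes, as an added example that is not part of the original message or of Trafodion's code. It is a model of output sizes only (no encryption is done); `enc_model`, `model_update`, `model_final`, `update_bound`, `total_len` and `padded_len` are hypothetical names. It assumes a 16-byte AES block and that padding is left enabled, which is OpenSSL's default; the page does not say whether AES_ENCRYPT does so.

```c
#include <stddef.h>
#include <stdio.h>

#define AES_BLOCK 16 /* AES block size in bytes for 128/192/256-bit keys */

/* Hypothetical model: only the count of buffered plaintext bytes matters. */
struct enc_model { size_t buffered; };

/* Bytes one EVP_EncryptUpdate-style call writes for inl input bytes:
   whole blocks are emitted, the remainder stays buffered in the context. */
size_t model_update(struct enc_model *m, size_t inl)
{
    size_t avail = m->buffered + inl;
    m->buffered = avail % AES_BLOCK;
    return (avail / AES_BLOCK) * AES_BLOCK;
}

/* Bytes the final call writes with padding enabled (assumption): the
   buffered tail plus padding always fills exactly one more block. */
size_t model_final(struct enc_model *m)
{
    m->buffered = 0;
    return AES_BLOCK;
}

/* Worst-case room needed in `out` for a single update call (man page bound). */
size_t update_bound(size_t inl) { return inl + AES_BLOCK - 1; }

/* Total ciphertext length for n plaintext bytes fed in pieces of `chunk` (> 0). */
size_t total_len(size_t n, size_t chunk)
{
    struct enc_model m = {0};
    size_t total = 0;
    while (n > 0) {
        size_t inl = n < chunk ? n : chunk;
        total += model_update(&m, inl);
        n -= inl;
    }
    return total + model_final(&m);
}

/* Closed form the loop converges to, independent of chunking. */
size_t padded_len(size_t n) { return (n / AES_BLOCK + 1) * AES_BLOCK; }

int main(void)
{
    size_t sizes[] = {0, 5, 15, 16, 17, 100};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%zu -> %zu\n", sizes[i], total_len(sizes[i], 7));
    return 0;
}
```

Under these assumptions a 16-byte input such as 'Technical_Writer' produces 32 bytes, because a full padding block is appended when the input is already block-aligned.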