Raw encryption functions

Please note they solely apply a cipher to the data and do not provide additional security measures.

encrypt(data bytea, key bytea, type text) -> bytea
decrypt(data bytea, key bytea, type text) -> bytea

The cipher method is specified by type. The syntax of the type string is:

algorithm [-mode][/pad:padding]

algorithm is:

  • aes — AES (Rijndael-128, -192 or -256)

mode is one of:

  • cbc — next block depends on previous (default)
  • ecb — each block is encrypted separately (for testing only)

padding is one of:

  • pkcs — data may be any length (default)
  • none — data must be multiple of cipher block size

The given encryption/decryption key MUST match length 16/24/32 bytes as required by aes-128/192/256.

of type text
aes-cbc/pad:pkcs => AES algorithm, cbc mode, enabling padding
aes => AES algorithm, cbc mode, enabling padding
aes-ecb => AES algorithm, ecb mode, enabling padding
Example of raw encryption functions
SELECT encrypt('Hello, World!', 'my_secret_key111', 'aes-cbc/pad:pkcs');
(1 row)
Example of raw encryption functions
SELECT decrypt('\x9cf6a49f90b3ac816aeeeed286606fdb','my_secret_key111', 'aes-cbc/pad:pkcs');)
(1 row)


Returns the HMAC result regarding the input secret, payload and hash algorithm. Please refer to HMAC for more information in cryptography. Currently, the supported hash algorithms for hash_algo are sha1 and sha256.

hmac (secret varchar, payload bytea, hash_algo varchar) -> signature bytea
SELECT hmac('secret', 'payload'::bytea, 'sha256');
(1 row)