Sign inTry Free

AES_ENCRYPT

On this page

Encrypts the given plaintext using the AES (Advanced Encryption Standard) algorithm with a 128-bit key .

Syntax

AES_ENCRYPT(plaintext, key)

Arguments

  • plaintext: the binary string data to encrypt

  • key: the text or binary string key to use for encryption

Return Type

The "ciphertext" of encrypted data, in binary.

Remarks

  • Encryption Algorithm: AES

  • Key Size: 128 bit

  • Operation Mode:

    • ECB: Electronic Code Book mode

  • IV (initialization vector): Not used,

Examples

Note: the HEX function is used in this example to make it easier to handle/display binary data.

SELECT HEX(AES_ENCRYPT('secret message', 'ohai'));
+--------------------------------------------+
| HEX(AES_ENCRYPT('secret message', 'ohai')) |
+--------------------------------------------+
| C958FF3BC0134ADE4A8F952338C1FAEC           |
+--------------------------------------------+

If you do not use an IV, an attacker may be able to learn things about your encrypted data by noticing that the same value encrypted twice with the same key produces the same ciphertext. Instead, use a new IV for each encryption. That way, encrypting the same value twice with the same key and a different IV will result in different cyphertext. A common practice is to store the IV next to the ciphertext in another column. Here’s an example of this approach.

Related Topics

AES_DECRYPT

Last modified: February 27, 2023

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK