AES_DECRYPT

Decrypts the given ciphertext using the AES (Advanced Encryption Standard) algorithm, with a 128-bit key or a 256-bit key.

Syntax

AES_DECRYPT(
    ciphertext,
    key
    [, initialization_vector=null]
    [, encryption_mode=@AES_DEFAULT_ENCRYPTION_MODE])

Arguments

  • ciphertext: the binary data to decrypt.

  • key: the text or binary key to use for decryption.

  • initialization_vector (IV): the initial state for the cryptographic algorithm.

    • For ECB (Electronic Code Book mode): not applicable, so either omit the argument or pass NULL.

    • For GCM (Galois/Counter Mode): can contain either text or binary value.

    • For CBC (Cipher Block Chaining): can contain either text or binary value.

  • encryption_mode: an optional encryption mode string, one of aes-128-ecb, aes-256-ecb, aes-128-gcm, aes-256-gcm, aes-128-cbc, or aes-256-cbc. If not provided, the value of the global variable AES_DEFAULT_ENCRYPTION_MODE is used as the default.

Return Type

The plaintext, or NULL if the key does not decrypt the ciphertext, either because the IV is not the same one used for encryption or because an incorrect encryption mode is provided.

Remarks

  • Encryption Algorithm: AES

  • Key Size: 128-bit or 256-bit

  • Operation Mode:

    • ECB: Electronic Code Book mode

    • GCM: Galois/Counter Mode

    • CBC: Cipher Block Chaining

  • IV (initialization vector): Not used for ECB. Used for GCM and CBC.

Examples

Note: the UNHEX function is used in this example to make it easier to handle binary data.

Decryption with 128-bit keys and ECB operation mode

SELECT AES_DECRYPT(unhex('C958FF3BC0134ADE4A8F952338C1FAEC'), 'ohai');
+-------------------------------------------------------------------------+
| AES_DECRYPT(unhex('C958FF3BC0134ADE4A8F952338C1FAEC'), 'ohai')          |
+-------------------------------------------------------------------------+
| secret message                                                          |
+-------------------------------------------------------------------------+
SELECT AES_DECRYPT(UNHEX('C958FF3BC0134ADE4A8F952338C1FAEC'), 'ohai', NULL, 'aes-128-ecb');
+--------------------------------------------------------------------------------------+
| AES_DECRYPT(UNHEX('C958FF3BC0134ADE4A8F952338C1FAEC'), 'ohai', NULL, 'aes-128-ecb')  |
+--------------------------------------------------------------------------------------+
| secret message                                                                       |
+--------------------------------------------------------------------------------------+
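
The NULL described under Return Type is indistinguishable from a NULL ciphertext column unless the query checks for both. The following is an added example, not taken from the SingleStore documentation: the table aes_demo, its columns, and the IV strings are constructed, and it assumes AES_ENCRYPT takes its arguments in the same order as AES_DECRYPT.

```sql
-- Hypothetical table: one IV per row, stored beside the ciphertext.
CREATE TABLE aes_demo (
    id INT PRIMARY KEY,
    iv VARBINARY(16),
    ct VARBINARY(64)
);

-- Constructed sample rows. The key 'ohai' is the one used in the examples above.
INSERT INTO aes_demo VALUES
    -- Row 1: the stored IV and mode match what was used for encryption.
    (1, 'iv-one-sample-00',
        AES_ENCRYPT('secret message', 'ohai', 'iv-one-sample-00', 'aes-128-gcm')),
    -- Row 2: the stored IV differs from the IV used for encryption.
    (2, 'iv-two-sample-00',
        AES_ENCRYPT('secret message', 'ohai', 'iv-one-sample-00', 'aes-128-gcm')),
    -- Row 3: no ciphertext was ever stored.
    (3, 'iv-one-sample-00', NULL),
    -- Row 4: encrypted under a different mode than the reader uses below.
    (4, 'iv-one-sample-00',
        AES_ENCRYPT('secret message', 'ohai', 'iv-one-sample-00', 'aes-128-cbc'));

-- Decrypt every row with GCM and label the outcome, so that a failed
-- decryption is not mistaken for an empty column.
SELECT id,
       AES_DECRYPT(ct, 'ohai', iv, 'aes-128-gcm') AS plaintext,
       CASE
           WHEN ct IS NULL THEN 'no ciphertext'
           WHEN AES_DECRYPT(ct, 'ohai', iv, 'aes-128-gcm') IS NULL
               THEN 'decryption failed'
           ELSE 'ok'
       END AS status
FROM aes_demo
ORDER BY id;
```

Per the Return Type section, rows 2 and 4 should return a NULL plaintext and be labelled 'decryption failed', while row 3 is labelled 'no ciphertext'.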

See How to Encrypt and Decrypt using an Init Vector

Related Topics

AES_ENCRYPT

Last modified: February 27, 2023
