diff --git a/docs/en/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md b/docs/en/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md index ab93459615..26e079bd7d 100644 --- a/docs/en/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md +++ b/docs/en/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md @@ -24,70 +24,141 @@ under the License. ## AES_ENCRYPT +### Name + +AES_ENCRYPT + ### description -encryption of data using the official AES + +Encryption of data using the OpenSSL. This function is consistent with the `AES_ENCRYPT` function in MySQL. Using AES_128_ECB algorithm by default, and the padding mode is PKCS7. + #### Syntax -`VARCHAR AES_ENCRYPT(str,key_str[,init_vector])` +``` +AES_ENCRYPT(str,key_str[,init_vector]) +``` + +#### Arguments + +- `str`: Content to be encrypted +- `key_str`: Secret key +- `init_vector`: Initialization Vector + +#### Return Type + +VARCHAR(*) + +#### Remarks + +The AES_ENCRYPT function is not used the user secret key directly, but will be further processed. The specific steps are as follows: +1. Determine the number of bytes of the SECRET KEY according to the encryption algorithm used. For example, if you using AES_128_ECB, then the number of bytes of SECRET KEY are `128 / 8 = 16`(if using AES_256_ECB, then SECRET KEY length are `128 / 8 = 32`); +2. Then XOR the `i` bit and the `16*k+i` bit of the SECRET KEY entered by the user. If the length of the SECRET KEY less than 16 bytes, 0 will be padded; +3. Finally, use the newly generated key for encryption; ### example +```sql +select to_base64(aes_encrypt('text','F3229A0B371ED2D9441B830D21A390C3')); ``` -MySQL > select to_base64(AES_ENCRYPT('text','F3229A0B371ED2D9441B830D21A390C3')); + +The results are consistent with those executed in MySQL. + +```text +--------------------------------+ | to_base64(aes_encrypt('text')) | +--------------------------------+ | wr2JEDVXzL9+2XtRhgIloA== | +--------------------------------+ -1 row in set (0.010 sec) +1 row in set (0.01 sec) +``` -MySQL> set block_encryption_mode="AES_256_CBC"; -Query OK, 0 rows affected (0.006 sec) +If you want to change other encryption algorithms, you can: -MySQL > select to_base64(AES_ENCRYPT('text','F3229A0B371ED2D9441B830D21A390C3', '0123456789')); +```sql +set block_encryption_mode="AES_256_CBC"; +select to_base64(aes_encrypt('text','F3229A0B371ED2D9441B830D21A390C3', '0123456789')); +``` + +Here is the result: + +```text +-----------------------------------------------------+ | to_base64(aes_encrypt('text', '***', '0123456789')) | +-----------------------------------------------------+ | tsmK1HzbpnEdR2//WhO+MA== | +-----------------------------------------------------+ -1 row in set (0.011 sec) +1 row in set (0.01 sec) ``` +For more information about `block_encryption_mode`, see also [variables](../../../advanced/variables.md). + ### keywords AES_ENCRYPT ## AES_DECRYPT -### description -decryption of data using the official AES +### Name + +AES_DECRYPT + +### Description + +Decryption of data using the OpenSSL. This function is consistent with the `AES_DECRYPT` function in MySQL. Using AES_128_ECB algorithm by default, and the padding mode is PKCS7. + #### Syntax -`VARCHAR AES_DECRYPT(str,key_str[,init_vector])` +``` +AES_DECRYPT(str,key_str[,init_vector]) +``` + +#### Arguments + +- `str`: Content that encrypted +- `key_str`: Secret key +- `init_vector`: Initialization Vector + +#### Return Type + +VARCHAR(*) ### example +```sql +select aes_decrypt(from_base64('wr2JEDVXzL9+2XtRhgIloA=='),'F3229A0B371ED2D9441B830D21A390C3'); ``` -MySQL > select AES_DECRYPT(FROM_BASE64('wr2JEDVXzL9+2XtRhgIloA=='),'F3229A0B371ED2D9441B830D21A390C3'); + +The results are consistent with those executed in MySQL. + +```text +------------------------------------------------------+ | aes_decrypt(from_base64('wr2JEDVXzL9+2XtRhgIloA==')) | +------------------------------------------------------+ | text | +------------------------------------------------------+ -1 row in set (0.012 sec) +1 row in set (0.01 sec) +``` -MySQL> set block_encryption_mode="AES_256_CBC"; -Query OK, 0 rows affected (0.006 sec) +If you want to change other encryption algorithms, you can: -MySQL > select AES_DECRYPT(FROM_BASE64('tsmK1HzbpnEdR2//WhO+MA=='),'F3229A0B371ED2D9441B830D21A390C3', '0123456789'); +```sql +set block_encryption_mode="AES_256_CBC"; +select aes_decrypt(from_base64('tsmK1HzbpnEdR2//WhO+MA=='),'F3229A0B371ED2D9441B830D21A390C3', '0123456789'); +``` + +Here is the result: + +```text +---------------------------------------------------------------------------+ | aes_decrypt(from_base64('tsmK1HzbpnEdR2//WhO+MA=='), '***', '0123456789') | +---------------------------------------------------------------------------+ | text | +---------------------------------------------------------------------------+ -1 row in set (0.012 sec) +1 row in set (0.01 sec) ``` +For more information about `block_encryption_mode`, see also [variables](../../../advanced/variables.md). + ### keywords - AES_ENCRYPT, AES_DECRYPT + AES_DECRYPT diff --git a/docs/zh-CN/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md b/docs/zh-CN/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md index c657540108..c8643430a6 100644 --- a/docs/zh-CN/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md +++ b/docs/zh-CN/docs/sql-manual/sql-functions/encrypt-digest-functions/aes.md @@ -24,73 +24,141 @@ under the License. ## AES_ENCRYPT -### description -Aes 加密函数 +### Name + +AES_ENCRYPT + +### Description + +Aes 加密函数。该函数与 MySQL 中的 `AES_ENCRYPT` 函数行为一致。默认采用 AES_128_ECB 算法,padding 模式为 PKCS7。底层使用 OpenSSL 库进行加密。 + #### Syntax -`VARCHAR AES_ENCRYPT(str,key_str[,init_vector])` - -返回加密后的结果 - -### example - ``` -MySQL > select to_base64(AES_ENCRYPT('text','F3229A0B371ED2D9441B830D21A390C3')); +AES_ENCRYPT(str,key_str[,init_vector]) +``` + +#### Arguments + +- `str`: 待加密的内容 +- `key_str`: 密钥 +- `init_vector`: 初始向量 + +#### Return Type + +VARCHAR(*) + +#### Remarks + +AES_ENCRYPT 函数对于传入的密钥,并不是直接使用,而是会进一步做处理,具体步骤如下: +1. 根据使用的加密算法,确定密钥的字节数,比如使用 AES_128_ECB 算法,则密钥字节数为 `128 / 8 = 16`(如果使用 AES_256_ECB 算法,则密钥字节数为 `128 / 8 = 32`); +2. 然后针对用户输入的密钥,第 `i` 位和第 `16*k+i` 位进行异或,如果用户输入的密钥不足 16 位,则后面补 0; +3. 最后,再使用新生成的密钥进行加密; + +### Example + +```sql +select to_base64(aes_encrypt('text','F3229A0B371ED2D9441B830D21A390C3')); +``` + +结果与在 MySQL 中执行的结果一致,如下: + +```text +--------------------------------+ | to_base64(aes_encrypt('text')) | +--------------------------------+ | wr2JEDVXzL9+2XtRhgIloA== | +--------------------------------+ -1 row in set (0.010 sec) +1 row in set (0.01 sec) +``` -MySQL> set block_encryption_mode="AES_256_CBC"; -Query OK, 0 rows affected (0.006 sec) +如果你想更换其他加密算法,可以 -MySQL > select to_base64(AES_ENCRYPT('text','F3229A0B371ED2D9441B830D21A390C3', '0123456789')); +```sql +set block_encryption_mode="AES_256_CBC"; +select to_base64(aes_encrypt('text','F3229A0B371ED2D9441B830D21A390C3', '0123456789')); +``` + +结果如下: + +```text +-----------------------------------------------------+ | to_base64(aes_encrypt('text', '***', '0123456789')) | +-----------------------------------------------------+ | tsmK1HzbpnEdR2//WhO+MA== | +-----------------------------------------------------+ -1 row in set (0.011 sec) +1 row in set (0.01 sec) ``` -### keywords + +关于 `block_encryption_mode` 可选的值可以参见:[变量章节](../../../advanced/variables.md)。 + +### Keywords AES_ENCRYPT ## AES_DECRYPT -### description -Aes 解密函数 +### Name + +AES_DECRYPT + +### Description + +Aes 解密函数。该函数与 MySQL 中的 `AES_DECRYPT` 函数行为一致。默认采用 AES_128_ECB 算法,padding 模式为 PKCS7。底层使用 OpenSSL 库进行加密。 + #### Syntax -`VARCHAR AES_DECRYPT(str,key_str[,init_vector])` - -返回解密后的结果 - -### example - ``` -MySQL > select AES_DECRYPT(FROM_BASE64('wr2JEDVXzL9+2XtRhgIloA=='),'F3229A0B371ED2D9441B830D21A390C3'); +AES_DECRYPT(str,key_str[,init_vector]) +``` + +#### Arguments + +- `str`: 已加密的内容 +- `key_str`: 密钥 +- `init_vector`: 初始向量 + +#### Return Type + +VARCHAR(*) + +### Example + +```sql +select aes_decrypt(from_base64('wr2JEDVXzL9+2XtRhgIloA=='),'F3229A0B371ED2D9441B830D21A390C3'); +``` + +结果与在 MySQL 中执行的结果一致,如下: + +```text +------------------------------------------------------+ | aes_decrypt(from_base64('wr2JEDVXzL9+2XtRhgIloA==')) | +------------------------------------------------------+ | text | +------------------------------------------------------+ -1 row in set (0.012 sec) +1 row in set (0.01 sec) +``` -MySQL> set block_encryption_mode="AES_256_CBC"; -Query OK, 0 rows affected (0.006 sec) +如果你想更换其他加密算法,可以 -MySQL > select AES_DECRYPT(FROM_BASE64('tsmK1HzbpnEdR2//WhO+MA=='),'F3229A0B371ED2D9441B830D21A390C3', '0123456789'); +```sql +set block_encryption_mode="AES_256_CBC"; +select AES_DECRYPT(FROM_BASE64('tsmK1HzbpnEdR2//WhO+MA=='),'F3229A0B371ED2D9441B830D21A390C3', '0123456789'); +``` + +结果如下: + +```text +---------------------------------------------------------------------------+ | aes_decrypt(from_base64('tsmK1HzbpnEdR2//WhO+MA=='), '***', '0123456789') | +---------------------------------------------------------------------------+ | text | +---------------------------------------------------------------------------+ -1 row in set (0.012 sec) +1 row in set (0.01 sec) ``` -### keywords +关于 `block_encryption_mode` 可选的值可以参见:[变量章节](../../../advanced/variables.md)。 - AES_ENCRYPT, AES_DECRYPT +### Keywords + + AES_DECRYPT