encrypt()
The encrypt() function encrypts binary data using a specified cipher algorithm and key, and returns the result as binary.
Syntax
encrypt(CIPHER, KEY, DATA[, IV])
Parameters
CIPHER- A string in
algorithm/mode/paddingformat. If mode and padding are omitted and only the algorithm is specified, the default values for that algorithm are applied.
Refer to the Java Security Standard Algorithm Names documentation for available algorithms, modes, and paddings.
Note
The following formats are required to be supported by all Java implementations. The DES and DESede algorithms and ECB mode are insecure; use them only when required for compatibility with external systems. The number in parentheses indicates encryption bits.
- AES/CBC/NoPadding (128)
- AES/CBC/PKCS5Padding (128)
- AES/ECB/NoPadding (128)
- AES/ECB/PKCS5Padding (128)
- AES/GCM/NoPadding (128)
- DES/CBC/NoPadding (56)
- DES/CBC/PKCS5Padding (56)
- DES/ECB/NoPadding (56)
- DES/ECB/PKCS5Padding (56)
- DESede/CBC/NoPadding (168)
- DESede/CBC/PKCS5Padding (168)
- DESede/ECB/NoPadding (168)
- DESede/ECB/PKCS5Padding (168)
- RSA/ECB/PKCS1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)
- AES/CBC/NoPadding (128)
- AES/CBC/PKCS5Padding (128)
- AES/ECB/NoPadding (128)
- AES/ECB/PKCS5Padding (128)
- AES/GCM/NoPadding (128)
- DES/CBC/NoPadding (56)
- DES/CBC/PKCS5Padding (56)
- DES/ECB/NoPadding (56)
- DES/ECB/PKCS5Padding (56)
- DESede/CBC/NoPadding (168)
- DESede/CBC/PKCS5Padding (168)
- DESede/ECB/NoPadding (168)
- DESede/ECB/PKCS5Padding (168)
- RSA/ECB/PKCS1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)
KEY- A binary key of the size required by the specified cipher algorithm. Key lengths by algorithm are as follows.
- AES: choose from 16 bytes (128-bit), 24 bytes (192-bit), or 32 bytes (256-bit)
- RSA: choose from 128 bytes (1024-bit) or 256 bytes (2048-bit)
DATA- The binary data to encrypt.
IV- A binary initialization vector (IV) required by operation modes such as CBC.
Description
The encrypt() function uses the Java Cipher class to encrypt binary data with the specified cipher algorithm and key, and returns the result as binary.
Returns null if KEY or DATA is null or not a binary type. If IV is specified, it must also be a binary type; otherwise null is returned. Returns null if an error occurs during encryption.
Caution
Logpresso supports a variety of cipher algorithms provided by Java for compatibility. However, avoid using insecure algorithms or modes such as the DES family or ECB mode.
Error codes
| Error code | Description |
|---|---|
| 90660 | Fewer than 3 parameters were provided. |
| 90661 | An invalid cipher algorithm was specified. |
Usage examples
-
Encrypt data with the AES algorithm
json "{}" | eval key = frombase64("mRcOlK9V47rjVL/RBYQYRw=="), data = encode("hello, world!"), encrypted = tobase64(encrypt("AES", key, data)) | # encrypted: y7+NQQ9/9xGtbBq5pgBvCA== -
Encrypt with an IV specified in CBC mode
json "{}" | eval key = frombase64("mRcOlK9V47rjVL/RBYQYRw=="), iv = randbytes(16), data = encode("hello, world!"), encrypted = encrypt("AES/CBC/PKCS5Padding", key, data, iv) -
KEYorDATAisnulljson "{}" | eval result = encrypt("AES", null, encode("data")) | # result: null
Compatibility
The encrypt() function has been available since before Sonar 4.0.