Updated on 2024-07-02 GMT+08:00

Function-based Encryption

Data encryption is widely used in information systems to prevent unauthorized access and data leakage. As the core of an information system, the GaussDB(DWS) data warehouse also provides data encryption functions, including transparent encryption and encryption using SQL functions.

GaussDB(DWS) provides hash functions and symmetric cryptographic algorithms to encrypt and decrypt columns. Hash functions include sha256, sha384, sha512, and SM3. Symmetric cryptographic algorithms include AES128, AES192, AES256, and SM4.

  • Hash functions
    • md5(string)

      Computes the MD5 hash of string and returns it as a hexadecimal value. MD5 is a hash function, not encryption, so the result cannot be decrypted. MD5 is insecure and is not recommended.

    • gs_hash(hashstr, hashmethod)

      Obtains the digest string of a hashstr string based on the algorithm specified by hashmethod. hashmethod can be sha256, sha384, sha512, or sm3.

  • Symmetric cryptographic algorithms
    • gs_encrypt(encryptstr, keystr, cryptotype, cryptomode, hashmethod)

      Encrypts an encryptstr string using the keystr key based on the cryptographic algorithm specified by cryptotype and cryptomode and the HMAC algorithm specified by hashmethod, and returns the encrypted string.

    • gs_decrypt(decryptstr, keystr, cryptotype, cryptomode, hashmethod)

      Decrypts a decryptstr string using the keystr key based on the cryptographic algorithm specified by cryptotype and cryptomode and the HMAC algorithm specified by hashmethod, and returns the decrypted string. The keystr used for decryption must be the same as that used for encryption.

    • gs_encrypt_aes128(encryptstr,keystr)

      Encrypts an encryptstr string using keystr as the key and returns the encrypted string. The length of keystr ranges from 1 to 16 bytes.

    • gs_decrypt_aes128(decryptstr,keystr)

      Decrypts a decryptstr string using the keystr key and returns the decrypted string. The keystr used for decryption must be the same as that used for encryption. keystr cannot be empty.
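The following is an added example, not taken from the original page, showing how the functions listed above combine to protect one column. The table, key, and values are constructed; the literals 'aes256', 'cbc', and 'sha256' are assumed spellings of the parameter values, and this page does not list the accepted cryptomode values.

```sql
-- Constructed sample table: one sensitive column stored as ciphertext,
-- plus a digest column so rows can be matched without decrypting.
CREATE TABLE customer_card (
    id          int,
    holder      text,
    card_no_enc text,   -- ciphertext returned by gs_encrypt
    card_no_dig text    -- digest returned by gs_hash
);

-- Encrypt on write. The key below is a constructed placeholder; in practice
-- the application supplies it at run time and it is never stored in the table.
INSERT INTO customer_card VALUES
    (1, 'alice',
     gs_encrypt('6222000011112222', 'Example_Key#2024', 'aes256', 'cbc', 'sha256'),
     gs_hash('6222000011112222', 'sha256')),
    (2, 'bob',
     gs_encrypt('6222000033334444', 'Example_Key#2024', 'aes256', 'cbc', 'sha256'),
     gs_hash('6222000033334444', 'sha256'));

-- A reader without the key sees only ciphertext and digests.
SELECT id, holder, card_no_enc, card_no_dig FROM customer_card;

-- Decrypt on read. keystr, cryptotype, cryptomode and hashmethod must all
-- match the values used for encryption.
SELECT id,
       holder,
       gs_decrypt(card_no_enc, 'Example_Key#2024', 'aes256', 'cbc', 'sha256') AS card_no
FROM customer_card;

-- Equality lookup through the digest column instead of decrypting every row.
-- Caveat: an unsalted digest of a low-entropy value can be recovered by
-- hashing candidate values, so keep such a column only where that is acceptable.
SELECT id, holder
FROM customer_card
WHERE card_no_dig = gs_hash('6222000011112222', 'sha256');

-- The fixed-algorithm pair takes only the data and a key of 1 to 16 bytes.
SELECT gs_decrypt_aes128(gs_encrypt_aes128('6222000011112222', 'Example_Key#2024'),
                         'Example_Key#2024') AS round_trip;
```
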

For details, see Encrypting and Decrypting Data Columns.