Defining columns for data encrypted using the ENCRYPT_DATAKEY built-in function.
When data is encrypted using the ENCRYPT_DATAKEY built-in function, it is returned as a binary data string. Therefore, encrypted data should be stored in columns that are defined as VARBINARY or BLOB.
About this task
The resulting data type of the ENCRYPT_DATAKEY function is determined by the data type of the first argument. If the data type of the expression argument is BIGINT, INTEGER, DECIMAL, CHAR, VARCHAR, GRAPHIC, or VARGRAPHIC, the resulting data type is VARBINARY. If the data type of the expression argument is CLOB or DBCLOB, the resulting data type is BLOB.
Columns that hold encrypted data also require additional bytes to hold a header.
- Length attribute of result in byes = (((length attribute of source data in bytes +16-1)/16)*16)+15- byte fixed header +64 bytes for length attribute of key label.
- Actual length of result in bytes = (((actual length of source data in bytes +16-1)/16)*16)+15-byte fixed header + variable length key label in bytes.
The actual length of the result can be longer than the length of expression. Therefore, when assigning a resulting encrypted value, the target must be defined with a length attribute that can contain the entire encrypted value.
The result can be null; if expression is null, the result is the null value.
