fpe_encrypt() and fpe_decrypt() functions

The fpe_encrypt() and fpe_decrypt() functions encrypt an integer value into a ciphertext integer value and decrypt a ciphertext integer value into an integer value.

Format-preserving encryption (FPE) is a process of encrypting data such that the resulting encrypted ciphertext has the same format (data type) as that of the input value. The FPE routines are implemented by using the Botan open source library.

Syntax

The fpe_encrypt() function has the following syntax:

bigint = fpe_encrypt(bigint number, varchar(ANY) key, varchar(ANY) iv, bigint mask);

The fpe_decrypt() function has the following syntax:

bigint = fpe_decrypt(bigint number, varchar(ANY) key, varchar(ANY) iv, bigint mask);

The number value specifies the integer value to encrypt or the ciphertext value to decrypt. You can specify an integer that is up to 16 digits in length. If you input a float or double value to the function, the function rounds the value and converts it to an integer.

The key value specifies a symmetric key that is used to encrypt or decrypt the integer value. You should keep the key value secure. You must specify the same key for encryption and decryption.

The iv is the initialization vector (IV) value for the encryption or decryption. This is the value that is typically used for encrypting the first block value. You must specify the same IV for encryption and decryption.

The mask value is an integer that must have a length that is one digit greater than the length of the input value. For example, if the input integer has five digits, such as 12345, the mask must have a length of six digits, such as 123456. You must specify the same mask for encryption and decryption.

Returns

The functions return an encrypted or decrypted value.

Example

select fpe_encrypt (8768,'XXXX','0',10000);
FPE_ENCRYPT
-----------
       6559
(1 row)

select fpe_decrypt(6559,'XXXX','0',10000);
FPE_DECRYPT
-----------
       8768
(1 row)