Given an input character string, return an encrypted value using a key. See also DECRYPT_KS.

ENCRYPT_KS(input_expression, key [, algorithm [, ivec]])
This function returns a Base64-encoded VARCHAR value that is slightly larger than the input expression. The formula depends on the algorithm specified:
  • If algorithm 1, 2, or 3 is explicitly specified as a constant in the function:
    VARCHAR(CEIL((input * 8) / 6))
  • Otherwise (algorithm = constant > 3, not specified, or not a constant, such as the result of an expression):
    VARCHAR(CEIL((512 + input) / 3) * 4)


A VARCHAR expression, such as a character column in a table, a substring of a column, or a concatenation of character strings from multiple columns. This expression represents the sensitive data that you want to protect and encrypt on output.
The name of a key created with the CREATE KEY command.
The specific encryption algorithm that you want to use (optional). Valid entries are 1 through 9. The default is 1. All of these algorithms use Output Feedback Mode (OFB). For more details, see Encryption and Decryption Algorithms.

The algorithm that you select determines the required size of the key value: 128, 192, or 256 bits. The size of the initialization vector (ivec) for all three algorithms is 128 bits.

When the input key or ivec is too short, the input data is expanded to produce the required length by appending the input provided. When the input key or the ivec is too long, the extra input is folded into the required input, starting from the beginning, using XOR logic.

An initialization vector for the algorithm (optional). You must specify a hexadecimal string or an expression that evaluates to a hexadecimal string. If you specify a vector, you must also specify an algorithm. Changing the vector but using the same key has the effect of re-scrambling the output for a given input expression. See Encrypting Sensitive Data. See also the description of the algorithm parameter for information about the required length of the ivec value.