Converts source data into a particular format, and returns a MEMPTR containing the encrypted data (a binary byte stream).

You must use the same cryptographic algorithm, initialization vector, and encryption key values to encrypt and decrypt the same data instance.

Syntax

ENCRYPT ( data-to-encrypt [ , encrypt-key [ , iv-value [ , algorithm 
    [, tag [, aad ] ] ]]] )
Note: The tag and aad parameters are applicable only to the AES_GCM_128, AES_GCM_192 and AES_GCM_256 encryption algorithms. They are not applicable to other supported encryption algorithms.
data-to-encrypt
The source data to encrypt. The value may be of type CHARACTER, LONGCHAR, RAW, or MEMPTR.
encrypt-key
An optional RAW expression that evaluates to the name of the encryption key (a binary value) to use in encrypting the specified data. If you specify the Unknown value (?), the current value of the SYMMETRIC-ENCRYPTION-KEY attribute is used. If the value of the SYMMETRIC-ENCRYPTION-KEY attribute is also the Unknown value (?), the AVM generates a run-time error.

You can generate this encryption key, based on the PKCS#5/RFC 2898 standard, by using either the GENERATE-PBE-KEY function or the GENERATE-RANDOM-KEY function.

Note: If you use the GENERATE-RANDOM-KEY function to generate an encryption key, be sure to invoke the function before invoking the ENCRYPT function (not within the ENCRYPT function, which would render the key irretrievable).

The AVM compares the size of the specified encryption key to the key size specified by the cryptographic algorithm. If the key sizes are inconsistent, the AVM generates a run-time error.

You are responsible for generating, storing, and transporting this value.

iv-value
An optional RAW expression that evaluates to an initialization vector value to use with the specified encryption key in the encryption operation. Using an initialization vector value increases the strength of the specified encryption key (that is, it makes the key more unpredictable). If you specify the Unknown value (?), the current value of the SYMMETRIC-ENCRYPTION-IV attribute is used.
algorithm
An optional CHARACTER expression that evaluates to the name of the symmetric cryptographic algorithm to use in encrypting the specified data instance. If you specify the Unknown value (?), the current value of the SYMMETRIC-ENCRYPTION-ALGORITHM attribute is used.

For a list the supported cryptographic algorithms, see the SYMMETRIC-SUPPORT attribute reference entry.

Note: If FIPS mode is enabled and an algorithm is specified that is not approved by the National Institute of Standards and Technology (NIST), the AVM generates a run-time error.
tag (Authentication Tag)
For AES_GCM encryption, a mandatory MEMPTR expression of a cryptographic checksum generated on the unencrypted data and additional authenticated data. It is designed to reveal both accidental errors and the intentional modification of the data.
aad (Additional Authenticated Data)
For AES_GCM encryption, an optional RAW expression of input data that is authenticated but not encrypted.

See also

DECRYPT function, SECURITY-POLICY system handle