VarChar Encryption UDFs
VarChar Encryption UDFs in Trino
This section provides a list of VarChar encryption UDFs for the protect, unprotect, and reprotect operations.
ptyStringEnc()
This UDF encrypts the Varchar value.
Signature:
ptyStringEnc(varchar input, varchar DataElement)
Parameters:
| Name | Type | Description |
|---|---|---|
input | VarChar | Specifies the data to encrypt. |
dataElement | VarChar | Specifies the name of the data element to encrypt the data. |
Warning:
- The string encryption UDFs are limited to accept 2 GB data size at maximum as input.
- Ensure that the field size for the protected binary data post the required encoding does not exceed the 2 GB input limit.
- The field size to store the input data is dependent on the encryption algorithm selected, such as, AES-128, AES-256, 3DES, and CUSP, and the encoding type selected, such as, No Encoding, Base64, and Hex.
- Ensure to set the input data size based on the required encryption algorithm and encoding so that the it does not exceed the 2 GB input limit.
Returns:
This UDF returns the encrypted Varbinary value.
Example:
select ptyStringEnc('ProtegrityProt','AES128_DE');
Exception:
ptyTrinoProtectorException:INPUT-ERROR: Tokenization or Format Preserving Data Elements are not supported: An unsupported data element is provided.java.io.IOException:Too many bytes before newline: 2147483648: The length of the input needs to be less than the maximum limit of 2 GB.
Supported Protection Methods:
| Function Name | Tokenization | Encryption | FPE | No Encryption | Masking | Monitoring |
| ptyStringEnc() | No |
| No | Yes | No | Yes |
ptyStringDec()
This UDF decrypts the Varbinary value.
Signature:
ptyStringDec(varbinary input, varchar DataElement)
Parameters:
| Name | Type | Description |
|---|---|---|
input | VarBinary | Specifies the data to decrypt. |
dataElement | VarChar | Specifies the name of the data element to decrypt the data. |
Returns:
This UDF returns the decrypted VarChar value.
Example:
select ptyStringDec(ptyStringEnc('ProtegrityProt','AES128_DE'),'AES128_DE');
Exception:
ptyTrinoProtectorException:INPUT-ERROR: First argument (Input Data to be unprotected) is not a valid Binary Datatype: The input data, which is not in binary format is provided.ptyHiveProtectorException:INPUT-ERROR: Tokenization or Format Preserving Data Elements are not supported: An unsupported data element is provided.
Supported Protection Methods:
| Function Name | Tokenization | Encryption | FPE | No Encryption | Masking | Monitoring |
| ptyStringDec() | No |
| No | Yes | No | Yes |
ptyStringReEnc()
This UDF re-encrypts the Varbinary format encrypted data with a different data element.
Signature:
ptyStringReEnc(varbinary input, varchar oldDataElement, varchar newDataElement)
Parameters:
| Name | Type | Description |
|---|---|---|
input | VarBinary | Specifies the VarBinary value to re-encrypt. |
oldDataElement | VarChar | Specifies the name of the data element that was initially used to encrypt the data. |
newDataElement | VarChar | Specifies the name of the new data element to re-encrypt the data. |
Returns:
This UDF returns the Varbinary format data, which is re-encrypted.
Example:
select ptyStringReEnc(ptyStringEnc('ProtegrityProt','AES128_DE'),'AES128_DE','new_AES128_DE');
Exception:
ptyTrinoProtectorException:INPUT-ERROR: First argument (Input Data to be reprotected) is not a valid Binary Datatype: The input data, which is not in binary format is provided.java.io.IOException:Too many bytes before newline: 2147483648: The length of the input needs to be less than the maximum limit of 2 GB.com.protegrity.hive.udf.ptyTrinoProtectorException:26, Unsupported algorithm or unsupported action for the specific data element: An unsupported data element is provided.
Supported Protection Methods:
| Function Name | Tokenization | Encryption | FPE | No Encryption | Masking | Monitoring |
| ptyStringDec() | No |
| No | Yes | No | Yes |
Feedback
Was this page helpful?