# AES\_ENCRYPT

## Syntax

{% tabs %}
{% tab title="Current" %}

```sql
AES_ENCRYPT(str, key, [, iv [, mode]])
```

{% endtab %}

{% tab title="< 11.2" %}

```sql
AES_ENCRYPT(str,key_str)
```

{% endtab %}
{% endtabs %}

## Description

`AES_ENCRYPT()` and [AES\_DECRYPT()](/docs/server/reference/sql-functions/secondary-functions/encryption-hashing-and-compression-functions/aes_decrypt.md) allow encryption and decryption of data using the official AES (Advanced Encryption Standard) algorithm, previously known as "Rijndael." Encoding with a 128-bit key length is used (from [MariaDB 11.2.0](/docs/release-notes/community-server/old-releases/11.2/11.2.0.md), this is the default, and can be changed). 128 bits is much faster and is secure enough for most purposes.

`AES_ENCRYPT()` encrypts a string *`str`* using the key *`key_str`*, and returns a binary string.

`AES_DECRYPT()` decrypts the encrypted string and returns the original string.

The input arguments may be any length. If either argument is `NULL`, the result of this function is also `NULL`.

Because AES is a block-level algorithm, padding is used to encode uneven length strings and so the result string length may be calculated using this formula:

```sql
16 x (trunc(string_length / 16) + 1)
```

If `AES_DECRYPT()` detects invalid data or incorrect padding, it returns `NULL`. However, it is possible for `AES_DECRYPT()` to return a non-`NULL` value (possibly garbage) if the input data or the key is invalid.

**MariaDB starting with** [**11.2**](/docs/release-notes/community-server/old-releases/11.2/what-is-mariadb-112.md)

{% tabs %}
{% tab title="Current" %}
The function supports an initialization vector, and control of the block encryption mode. The default mode is specified by the [block\_encryption\_mode](/docs/server/server-management/variables-and-modes/server-system-variables.md#block_encryption_mode) system variable, which can be changed when calling the function with a mode. *mode* is aes-{128,192,256}-{ecb,cbc,ctr} for example: "AES-128-cbc".\
`AES_ENCRYPT(str, key)` can no longer be used in persistent virtual columns (and the like).
{% endtab %}

{% tab title="Tab 2" %}
The function does **not** support an initialization vector.
{% endtab %}
{% endtabs %}

## Examples

{% tabs %}
{% tab title="Current" %}

```sql
SELECT HEX(AES_ENCRYPT('foo', 'bar', '0123456789abcdef', 'aes-256-cbc')) AS x;
+----------------------------------+
| x                                |
+----------------------------------+
| 42A3EB91E6DFC40A900D278F99E0726E |
+----------------------------------+
```

{% endtab %}

{% tab title="< 11.2" %}

```sql
INSERT INTO t VALUES (AES_ENCRYPT('text',SHA2('password',512)));
```

{% endtab %}
{% endtabs %}

## See Also

* [RANDOM\_BYTES()](/docs/server/reference/sql-functions/secondary-functions/encryption-hashing-and-compression-functions/random_bytes.md) is a function for generating good encryption keys for `AES_ENCRYPT`.
* [KDF()](/docs/server/reference/sql-functions/secondary-functions/encryption-hashing-and-compression-functions/kdf.md) is a key derivation function which is useful if an authentication validation against the value is required without data being able to be decrypted.

<sub>*This page is licensed: GPLv2, originally from*</sub> [<sub>*fill\_help\_tables.sql*</sub>](https://github.com/MariaDB/server/blob/main/scripts/fill_help_tables.sql)

{% @marketo/form formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/server/reference/sql-functions/secondary-functions/encryption-hashing-and-compression-functions/aes_encrypt.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.