DECRYPT_BINARY Function

The DECRYPT_BINARY function accepts as its first argument an encrypted_data large object of type BLOB or CLOB. You must specify a password as its second argument, unless the SET ENCRYPTION statement has specified as the default for this session the same password by which the first argument was encrypted.

If the call to DECRYPT_BINARY is successful, it returns a BLOB or CLOB large object that contains the plain text version of the encrypted_data argument. The decrypted BLOB or CLOB object is temporarily stored in the default sbspace that the SBSPACENAME configuration parameter setting specifies.

If the first argument to DECRYPT_BINARY is an encrypted value of a character data type, HCL OneDB™ invokes the DECRYPT_CHAR function and attempts to decrypt the specified value.

If the first argument to DECRYPT_BINARY is not an encrypted value, or if the second argument (or the default password specified by SET ENCRYPTION) is not the password that was used when the first argument was encrypted, HCL OneDB issues an error, and the call to DECRYPT_BINARY fails. (See the description of the GETHINT Function for one possible action to take when you cannot remember the password that was used for encryption.)

Do not use DECRYPT_BINARY (or any other decryption function) to create a functional index on an encrypted column. This would store the decrypted values as plain text data in the database, defeating the purpose of encryption.

For additional information about using data encryption in column values of HCL OneDB databases, see Encryption and decryption functions, and SET ENCRYPTION PASSWORD statement.