12th chunk of `doc/src/sgml/pgcrypto.sgml`
 <optional> <literal>/pad:</literal> <replaceable>padding</replaceable> </optional>
</synopsis>
   where <replaceable>algorithm</replaceable> is one of:

  <itemizedlist>
   <listitem><para><literal>bf</literal> &mdash; Blowfish</para></listitem>
   <listitem><para><literal>aes</literal> &mdash; AES (Rijndael-128, -192 or -256)</para></listitem>
  </itemizedlist>
   and <replaceable>mode</replaceable> is one of:
  <itemizedlist>
   <listitem>
    <para>
    <literal>cbc</literal> &mdash; next block depends on previous (default)
    </para>
   </listitem>
   <listitem>
    <para>
    <literal>cfb</literal> &mdash; next block depends on previous encrypted block
    </para>
   </listitem>
   <listitem>
    <para>
    <literal>ecb</literal> &mdash; each block is encrypted separately (for
    testing only)
    </para>
   </listitem>
  </itemizedlist>
   and <replaceable>padding</replaceable> is one of:
  <itemizedlist>
   <listitem>
    <para>
    <literal>pkcs</literal> &mdash; data may be any length (default)
    </para>
   </listitem>
   <listitem>
    <para>
    <literal>none</literal> &mdash; data must be a multiple of the cipher block size
    </para>
   </listitem>
  </itemizedlist>
  </para>
  <para>
   So, for example, these are equivalent:
<programlisting>
encrypt(data, 'fooz', 'bf')
encrypt(data, 'fooz', 'bf-cbc/pad:pkcs')
</programlisting>
  </para>
  <para>
   In <function>encrypt_iv</function> and <function>decrypt_iv</function>, the
   <parameter>iv</parameter> parameter is the initial value for the CBC and
   CFB modes;
   it is ignored for ECB.
   If it is not exactly one block in size, it is clipped or padded with zeroes.
   In the functions without this parameter, it defaults to all zeroes.
  </para>
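  <para>
   The following query is an added example, not part of the PostgreSQL
   documentation. It checks the IV rules stated above and shows why the
   all-zero default matters: with a fixed key, equal plaintexts encrypt to
   equal ciphertexts unless a fresh IV from
   <function>gen_random_bytes</function> is passed to
   <function>encrypt_iv</function> and kept with the ciphertext. The key and
   plaintext are constructed sample values; the column names are
   illustrative.
  </para>

```sql
-- Added example; requires: CREATE EXTENSION pgcrypto;
-- Key and plaintext below are constructed sample values.
WITH params AS (
    SELECT decode('000102030405060708090a0b0c0d0e0f', 'hex') AS key,      -- 16 bytes: AES-128
           convert_to('acct=constructed;balance=100.00', 'UTF8') AS msg,
           decode(repeat('00', 16), 'hex')                   AS zero_iv,  -- one AES block of zeroes
           gen_random_bytes(16)                              AS fresh_iv  -- per-message random IV
),
ct AS (
    SELECT p.*,
           encrypt(msg, key, 'aes-cbc/pad:pkcs')              AS c_default,
           encrypt_iv(msg, key, fresh_iv, 'aes-cbc/pad:pkcs') AS c_fresh
    FROM params p
)
SELECT
    -- Property from the text: without an iv argument the IV is all zeroes,
    -- so encrypt() and encrypt_iv(..., zero_iv, ...) are compared here.
    c_default = encrypt_iv(msg, key, zero_iv, 'aes-cbc/pad:pkcs')
        AS default_matches_zero_iv,

    -- Property from the text: an IV shorter than the block size is padded
    -- with zeroes. A 1-byte IV is compared with the same byte + 15 zero bytes.
    encrypt_iv(msg, key, decode('01', 'hex'), 'aes-cbc/pad:pkcs')
      = encrypt_iv(msg, key, decode('01' || repeat('00', 15), 'hex'),
                   'aes-cbc/pad:pkcs')
        AS short_iv_zero_padded,

    -- Consequence of the zero default: encrypting the same message twice
    -- with encrypt() gives byte-identical output, which reveals equal values.
    c_default = encrypt(msg, key, 'aes-cbc/pad:pkcs')
        AS default_is_deterministic,

    -- With a fresh random IV the ciphertext is compared against the
    -- zero-IV ciphertext of the same message.
    c_fresh = c_default
        AS fresh_iv_matches_default,

    -- The IV is not secret but is needed to decrypt: store it with the row.
    convert_from(decrypt_iv(c_fresh, key, fresh_iv, 'aes-cbc/pad:pkcs'), 'UTF8')
        AS roundtrip_plaintext
FROM ct;
```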
 </sect2>

 <sect2 id="pgcrypto-random-data-funcs">
  <title>Random-Data Functions</title>

  <indexterm>
   <primary>gen_random_bytes</primary>
  </indexterm>

<synopsis>
gen_random_bytes(count integer) returns bytea
</synopsis>
  <para>
   Returns <parameter>count</parameter> cryptographically strong random bytes.
   At most 1024 bytes can be extracted at a time.  This is to avoid
   draining the randomness generator pool.
  </para>

  <indexterm>
   <primary>gen_random_uuid</primary>
  </indexterm>

<synopsis>
gen_random_uuid() returns uuid
</synopsis>
  <para>
   Returns a version 4 (random) UUID. (Obsolete: this function
   internally calls the <link linkend="functions-uuid">core
   function</link> of the same name.)
  </para>
 </sect2>

 <sect2 id="pgcrypto-openssl-support-funcs">
  <title>OpenSSL Support Functions</title>

  <indexterm>
   <primary>fips_mode</primary>
  </indexterm>

<synopsis>
fips_mode() returns boolean
</synopsis>
  <para>
   Returns <literal>true</literal> if <productname>OpenSSL</productname> is
   running with FIPS mode enabled, otherwise <literal>false</literal>.
  </para>
 </sect2>

 <sect2 id="pgcrypto-configuration-parameters">
  <title>Configuration Parameters</title>

 <para>
  There is one configuration parameter that controls the behavior of
  <filename>pgcrypto</filename>.
 </para>

  <variablelist>
   <varlistentry id="pgcrypto-configuration-parameters-builtin_crypto_enabled">
    <term>
     <varname>pgcrypto.builtin_crypto_enabled</varname> (<type>enum</type>)
     <indexterm>
      <primary><varname>pgcrypto.builtin_crypto_enabled</varname> configuration
      parameter</primary>
     </indexterm>
    </term>
    <listitem>
     <para>
      <varname>pgcrypto.builtin_crypto_enabled</varname> determines if the
      built-in crypto functions <function>gen_salt()</function> and
      <function>crypt()</function> are available for

Title: Raw Encryption Functions and Additional Features
Summary
The document describes the syntax and usage of raw encryption functions, including the specification of algorithm, mode, and padding. It also introduces additional features such as random-data functions, including gen_random_bytes and gen_random_uuid, and OpenSSL support functions like fips_mode. Furthermore, it discusses configuration parameters, including pgcrypto.builtin_crypto_enabled, which controls the availability of built-in crypto functions.