Encryption and Masking Functions

Doris provides a set of built-in scalar functions for encryption, decryption, hash digest, and data masking, commonly used in SQL to protect sensitive fields such as phone numbers, ID numbers, and password digests. This page indexes these functions by category. For detailed syntax, parameters, and examples, refer to the corresponding SQL manual page for each function.

Applicable Scenarios

Scenario	Recommended Function
Symmetric encryption/decryption of sensitive fields (international algorithm)	AES_ENCRYPT / AES_DECRYPT
Symmetric encryption/decryption of sensitive fields (Chinese national algorithm)	SM4_ENCRYPT / SM4_DECRYPT
Generate irreversible hash digests (such as password storage or data verification)	MD5, MD5SUM, SM3, SM3SUM, SHA, SHA2
Mask fields such as phone numbers and ID numbers in query output	DIGITAL_MASKING

Function Categories

All built-in encryption and masking functions are listed below, grouped by algorithm family.

Symmetric Encryption Functions

Used to perform reversible encryption and decryption on fields.

Function	Algorithm Family	Description
AES_ENCRYPT	AES (international standard)	AES encryption
AES_DECRYPT	AES (international standard)	AES decryption
SM4_ENCRYPT	SM4 (Chinese national standard)	SM4 encryption
SM4_DECRYPT	SM4 (Chinese national standard)	SM4 decryption

Hash Digest Functions

Used to generate fixed-length, irreversible digests, commonly used for password storage and data integrity verification.

Function	Algorithm Family	Description
MD5	MD5	Compute MD5 digest
MD5SUM	MD5	Compute MD5 checksum
SM3	SM3 (Chinese national standard)	Compute SM3 digest
SM3SUM	SM3 (Chinese national standard)	Compute SM3 checksum
SHA	SHA	Compute SHA digest
SHA2	SHA-2	Compute SHA-2 digest

Data Masking Functions

Used to display sensitive fields with masking in query output.

Function	Description
DIGITAL_MASKING	Mask numeric strings such as phone numbers and bank card numbers