pyspark.sql.functions.aes_encrypt

pyspark.sql.functions.aes_encrypt(input: ColumnOrName, key: ColumnOrName, mode: Optional[ColumnOrName] = None, padding: Optional[ColumnOrName] = None, iv: Optional[ColumnOrName] = None, aad: Optional[ColumnOrName] = None) → pyspark.sql.column.Column[source]

Returns an encrypted value of input using AES in given mode with the specified padding. Key lengths of 16, 24 and 32 bits are supported. Supported combinations of (mode, padding) are (‘ECB’, ‘PKCS’), (‘GCM’, ‘NONE’) and (‘CBC’, ‘PKCS’). Optional initialization vectors (IVs) are only supported for CBC and GCM modes. These must be 16 bytes for CBC and 12 bytes for GCM. If not provided, a random vector will be generated and prepended to the output. Optional additional authenticated data (AAD) is only supported for GCM. If provided for encryption, the identical AAD value must be provided for decryption. The default mode is GCM.

New in version 3.5.0.

Parameters
inputColumn or str

The binary value to encrypt.

keyColumn or str

The passphrase to use to encrypt the data.

modeColumn or str, optional

Specifies which block cipher mode should be used to encrypt messages. Valid modes: ECB, GCM, CBC.

paddingColumn or str, optional

Specifies how to pad messages whose length is not a multiple of the block size. Valid values: PKCS, NONE, DEFAULT. The DEFAULT padding means PKCS for ECB, NONE for GCM and PKCS for CBC.

ivColumn or str, optional

Optional initialization vector. Only supported for CBC and GCM modes. Valid values: None or “”. 16-byte array for CBC mode. 12-byte array for GCM mode.

aadColumn or str, optional

Optional additional authenticated data. Only supported for GCM mode. This can be any free-form input and must be provided for both encryption and decryption.

Examples

>>> df = spark.createDataFrame([(
...     "Spark", "abcdefghijklmnop12345678ABCDEFGH", "GCM", "DEFAULT",
...     "000000000000000000000000", "This is an AAD mixed into the input",)],
...     ["input", "key", "mode", "padding", "iv", "aad"]
... )
>>> df.select(base64(aes_encrypt(
...     df.input, df.key, df.mode, df.padding, to_binary(df.iv, lit("hex")), df.aad)
... ).alias('r')).collect()
[Row(r='AAAAAAAAAAAAAAAAQiYi+sTLm7KD9UcZ2nlRdYDe/PX4')]

>>> df.select(base64(aes_encrypt(
...     df.input, df.key, df.mode, df.padding, to_binary(df.iv, lit("hex")))
... ).alias('r')).collect()
[Row(r='AAAAAAAAAAAAAAAAQiYi+sRNYDAOTjdSEcYBFsAWPL1f')]

>>> df = spark.createDataFrame([(
...     "Spark SQL", "1234567890abcdef", "ECB", "PKCS",)],
...     ["input", "key", "mode", "padding"]
... )
>>> df.select(aes_decrypt(aes_encrypt(df.input, df.key, df.mode, df.padding),
...     df.key, df.mode, df.padding).alias('r')
... ).collect()
[Row(r=bytearray(b'Spark SQL'))]

>>> df = spark.createDataFrame([(
...     "Spark SQL", "0000111122223333", "ECB",)],
...     ["input", "key", "mode"]
... )
>>> df.select(aes_decrypt(aes_encrypt(df.input, df.key, df.mode),
...     df.key, df.mode).alias('r')
... ).collect()
[Row(r=bytearray(b'Spark SQL'))]

>>> df = spark.createDataFrame([(
...     "Spark SQL", "abcdefghijklmnop",)],
...     ["input", "key"]
... )
>>> df.select(aes_decrypt(
...     unbase64(base64(aes_encrypt(df.input, df.key))), df.key
... ).cast("STRING").alias('r')).collect()
[Row(r='Spark SQL')]

previous

pyspark.sql.functions.aes_decrypt

next

pyspark.sql.functions.bitmap_bit_position