Back to top
Documentation SurrealQL Functions Crypto functions

Crypto functions

These functions can be used when hashing data, encrypting data, and for securely authenticating users into the database.
Function Description
crypto::md5() Returns the md5 hash of a value
crypto::sha1() Returns the sha1 hash of a value
crypto::sha256() Returns the sha256 hash of a value
crypto::sha512() Returns the sha512 hash of a value
crypto::argon2::compare() Compares an argon2 hash to a password
crypto::argon2::generate() Generates a new argon2 hashed password
crypto::pbkdf2::compare() Compares an pbkdf2 hash to a password
crypto::pbkdf2::generate() Generates a new pbkdf2 hashed password
crypto::scrypt::compare() Compares an scrypt hash to a password
crypto::scrypt::generate() Generates a new scrypt hashed password

crypto::md5

The crypto::md5 function returns the md5 hash of the input value.

crypto::md5(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::md5("tobie");
"4768b3fc7ac751e03a614e2349abf3bf"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::md5(12345);
"827ccb0eea8a706c4c34a16891f84e7b"

crypto::sha1

The crypto::sha1 function returns the sha1 hash of the input value.

crypto::sha1(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha1("tobie");
"c6be709a1b6429472e0c5745b411f1693c4717be"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha1(12345);
"8cb2237d0679ca88db6464eac60da96345513964"

crypto::sha256

The crypto::sha256 function returns the sha256 hash of the input value.

crypto::sha256(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha256("tobie");
"33fe1859daba927ea5674813adc1cf34b9e2795f2b7e91602fae19c0d0c493af"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha256(12345);
"5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5"

crypto::sha512

The crypto::sha512 function returns the sha512 hash of the input value.

crypto::sha512(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha512("tobie");
"39f0160c946c4c53702112d6ef3eea7957ea8e1c78787a482a89f8b0a8860a20ecd543432e4a187d9fdcd1c415cf61008e51a7e8bf2f22ac77e458789c9cdccc"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha512(12345);
"3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79"

crypto::argon2::compare

The crypto::argon2::compare function compares a hashed-and-salted argon2 password value with an unhashed password value.

crypto::argon2::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$argon2id$v=19$m=4096,t=3,p=1$pbZ6yJ2rPJKk4pyEMVwslQ$jHzpsiB+3S/H+kwFXEcr10vmOiDkBkydVCSMfRxV7CA";
LET $pass = "this is a strong password";
SELECT * FROM crypto::argon2::compare($hash, $pass);
true

crypto::argon2::generate

The crypto::argon2::generate function hashes and salts a password using the argon2 hashing algorithm.

crypto::argon2::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::argon2::generate("this is a strong password");
"$argon2id$v=19$m=4096,t=3,p=1$pbZ6yJ2rPJKk4pyEMVwslQ$jHzpsiB+3S/H+kwFXEcr10vmOiDkBkydVCSMfRxV7CA"

crypto::pbkdf2::compare

The crypto::pbkdf2::compare function compares a hashed-and-salted pbkdf2 password value with an unhashed password value.

crypto::pbkdf2::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$pbkdf2-sha256$i=10000,l=32$DBURRPJODKEt0IId1Lqe+w$Ve8Z00mibHDSKLbyKTceEBBcDpGoK0AEUl7QzDTIec4";
LET $pass = "this is a strong password";
SELECT * FROM crypto::pbkdf2::compare($hash, $pass);
true

crypto::pbkdf2::generate

The crypto::pbkdf2::generate function hashes and salts a password using the pbkdf2 hashing algorithm.

crypto::pbkdf2::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::pbkdf2::generate("this is a strong password");
"$pbkdf2-sha256$i=10000,l=32$DBURRPJODKEt0IId1Lqe+w$Ve8Z00mibHDSKLbyKTceEBBcDpGoK0AEUl7QzDTIec4"

crypto::scrypt::compare

The crypto::scrypt::compare function compares a hashed-and-salted scrypt password value with an unhashed password value.

crypto::scrypt::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$scrypt$ln=15,r=8,p=1$8gl7bipl0FELTy46YJOBrw$eRcS1qR22GI8VHo58WOXn9JyfDivGo5yTJFvpDyivuw";
LET $pass = "this is a strong password";
SELECT * FROM crypto::scrypt::compare($hash, $pass);
true

crypto::scrypt::generate

The crypto::scrypt::generate function hashes and salts a password using the scrypt hashing algorithm.

crypto::scrypt::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::scrypt::generate("this is a strong password");
"$scrypt$ln=15,r=8,p=1$8gl7bipl0FELTy46YJOBrw$eRcS1qR22GI8VHo58WOXn9JyfDivGo5yTJFvpDyivuw"