TINES_ENCRYPTEncrypts text using Tines encryption. TINES_ENCRYPT is intentionally abstract. Guarantees: authenticated encryption; safe key and IV management with randomized 192-bit IVs and negligible collision probability (no IV reuse even under very high volume); TINES_DECRYPT will always decrypt the output; and, when the OpenSSL FIPS provider is enabled, a FIPS 140–validated crypto module is used. If you need to know or control the exact algorithm, use OPENSSL_ENCRYPT instead.
Implementation note (non-binding; subject to change): currently AES-256-GCM via OpenSSL with a randomized 192-bit IV; a 96-bit segment is used in key derivation; and a SHA-256 HMAC commitment tag over the ciphertext, IV, and auth tag. Arguments:
text: Plaintext to encrypt.
key: Text of at least 32 bytes. Longer keys are condensed to 32 bytes internally via domain separated HMAC.
expires_in: Integer seconds (>= 0). 0 expires immediately (second granularity; subject to clock skew). Negative values raise an error.
TINES_ENCRYPT(text, key, [expires_in])Formula | TINES_ENCRYPT("hello world", CREDENTIAL.secret_key, expires_in: 60) |
You can also click "Copy actions" and paste them in your Tines story to see how they work.