lriggs opened a new issue, #45693: URL: https://github.com/apache/arrow/issues/45693
### Describe the bug, including details regarding any error messages, version, and platform. The aes encrypt and decrypt function only uses the first 15 characters of the cipher. ``` select base64(aes_encrypt('Dremio', 'mypassword1234567890')); select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword1234567890') -> Dremio select base64(aes_encrypt('Dremio', 'mypassword1234567890')); select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword12345678') -> Dremio select base64(aes_encrypt('Dremio', 'mypassword1234567890')); select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword1234562222222') -> Dremio ``` So for cipher was used only mypassword123456 But ``` select base64(aes_encrypt('Dremio', 'mypassword1234567890')); select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword123459') -> SigSev exception ``` or ``` select base64(aes_encrypt('Dremio', 'mypassword1234567890')); select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword12345') -> SigSev exception ``` So after investigation gandiva code I can confirm that for encryption used EVP_aes_128_ecb method. It use 128 bits key length (128 bits == 16 bytes ~ 16 chars) - that is why we have this behaviour. I checked specification for openssl and how hive iml works: aes_ecrypt/decrypt support 128, 192, 254 bit key and this strict requirement - key should be 16 or 24 or 32 chars. If not - hive for example, will return null. ### Component(s) C++ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@arrow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org