Dbms_crypto encrypt date number datatype

Similar Messages

• Dbms_crypto package for number and date data type

  Hi,
  I am using Oracle 10g 10.2.0.3 on Linux 64 bit
  I am tryiing to use dbms_crypto package for the first time to encypt my tables column
  Following are my table columns
  NAME1 VARCHAR2(2000),
  ID1 NUMBER,
  SCORE number
  This table is already populated
  i want to encrypt Name1 and Score column. Following are the functions i have created for Encryption and decryption.
  --For Encryption
  create or replace function get_enc_val
  p_in in varchar2,
  p_key in raw
  return raw is
  l_enc_val raw (2000);
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  begin
  l_enc_val := dbms_crypto.encrypt
  UTL_I18N.STRING_TO_RAW
  (p_in, 'AL32UTF8'),
  l_mod,
  p_key
  return l_enc_val;
  end;
  --For Decryption
  create or replace function get_dec_val
  p_in in raw,
  p_key in raw
  return varchar2
  is
  l_ret varchar2 (2000);
  l_dec_val raw (2000);
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  begin
  l_dec_val := dbms_crypto.decrypt
  p_in,
  l_mod,
  p_key
  l_ret:= UTL_I18N.RAW_TO_CHAR
  (l_dec_val, 'AL32UTF8');
  return l_ret;
  end;
  Key: I have stored a key in other schema and calling it by using function get_key().
  Following is my insert
  INSERT INTO Score_table VALUES
  (get_enc_val('John',get_key()),25,get_enc_val(79,get_key()))
  it is giving me following error
  ORA-00932:Inconsistent Datatypes:Expected number got binary.
  I checked, it is an error due to Score field, which is of number type. So do i need to change type of Score field to varchar or is there any other way to encrypt number and date field.
  If i need to change the type then what will happen to the data already in Table and how do i encrypt data already in table.

  Hi,
  Is there any one who can tell me that, do i need to change my table column data type as the encrypted value will be character.

• How to convert number datatype to raw datatype for use in data warehouse?

  I am picking up the work of another grad student who assembled the initial data for a data warehouse, mapped out a dimensional dw and then created then initial fact and dimension tables. I am using oracle enterprise 11gR2. The student was new to oracle and used datatypes of NUMBER (without a length - defaulting to number(38) for dimension keys. The dw has 1 fact table and about 20 dimension tables at this point.
  Before refining the dw further, I have to translate all these dimension tables and convert all columns of Number and Number(n) (where n=1-38) to raw datatype with a length. The goal is to compact the size of the dw database significantly. With only a few exceptions every number column is a dimension key or attribute.
  The entire dw db is now sitting in a datapump dmp file. this has to be imported to the db instance and then somehow converted so all occurrences of a number datatype into raw datatypes. BTW, there are other datatypes present such as varchar2 and date.
  I discovered that datapump cannot convert number to raw in an import or export, so the instance tables once loaded using impdp will be the starting point.
  I found there is a utl_raw package delivered with oracle to facilitate using the raw datatype. This has a numbertoraw function. Never used it and am unsure how to incorporate this in the table conversions. I also hope to use OWB capabilities at some point but I have never used it and only know that it has a lot of analytical capabilities. As a preliminary step I have done partial imports and determined the max length of every number column so I can alter the present schema number columns tp be an apporpriate max length for each column in each table.
  Right now I am not sure what the next step is. Any suggestions for the data conversion steps would be appreciated.

  Hi there,
  The post about "Convert Numbers" might help in your case. You might also interested in "Anydata cast" or transformations.
  Thanks,

• Using number datatype for date column

  Hi
  Is there a side effect for using "number" datatype for "date" column?
  If so, what is the disadvantage?
  Many thanks

  Hi,
  Ora_83 wrote:
  Hi
  Is there a side effect for using "number" datatype for "date" column?
  If so, what is the disadvantage?Yes, there's a definite disadvantage.
  Oracle provides date arithmetic and a number of functions for manipulating DATEs. None of them work with numbers.
  For example,
  SELECT    TRUNC (order_date, 'MONTH')     AS order_month
  ,       AVG (ship_date - order_date)     AS avg_delay
  FROM       orders
  GROUP BY  TRUNC (order_date, 'MONTH')
  ;order_month involves a DATE function; it's pretty easy to find the month that conatins order_date.
  avg_delay involves date arithmetic. It's extrememly easy to find how much the time passed between order_date and ship_date.
  Depending on how you code dates as numbers, doing either one of the above may be just as easy, but doing the other will be very difficult. You'll waste a lot of effort converting the NUMBERs to real DATEs whenever you need to manipulate them.
  Validation can be very difficult for NUMBERs, also.
  Watch this forum. It's a rare day when there's not some question about how to get around a problem caused by storing dates in a NUMBER (or VARCHAR2) column. Don't add to that. Always use DATE columns for dates.

• DBMS_Crypto.Encrypt

  Reference to the site:
  http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
  I have created get_enc_val function in the database.
  function get_enc_val
  p_in in varchar2,
  p_key in raw
  return raw is
  l_enc_val raw (2000);
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  begin
  l_enc_val := dbms_crypto.encrypt
  UTL_I18N.STRING_TO_RAW
  (p_in, 'AL32UTF8'),
  l_mod,
  p_key
  return l_enc_val;
  end;
  When i run the following:
  create table test(res_id varchar2(19), res_salary raw(2000));
  insert into test
  (res_id, res_salary)
  values
  ('001',
  get_enc_val (
  '2000', dbms_crypto.randombytes (128))
  System shows error:
  ORA-28239: no key provided
  ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
  ORA-06512: at "SYS.DBMS_CRYPTO", line 10
  ORA-06512: at "BMS.GET_ENC_VAL", line 12
  Can anybody help? Thanks a lot!

  DECLARE
  input_string VARCHAR2(16) := 'tigertigertigert';
  raw_input RAW(128) :=
  UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
  key_string VARCHAR2(8) := 'scottsco';
  raw_key RAW(128) :=
  UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
  encrypted_raw RAW(2048);
  encrypted_string VARCHAR2(2048);
  decrypted_raw RAW(2048);
  decrypted_string VARCHAR2(2048);
  -- 1. Begin testing Encryption BEGIN
  dbms_output.put_line('> Input String : ' ||
  CONVERT(UTL_RAW.CAST_TO_VARCHAR2(raw_input),'US7ASCII','AL32UTF8'));
  dbms_output.put_line('> ========= BEGIN TEST Encrypt =========');
  encrypted_raw := dbms_crypto.Encrypt(
  src => raw_input,
  typ => DBMS_CRYPTO.DES_CBC_PKCS5,
  key => raw_key);
  dbms_output.put_line('> Encrypted hex value : ' ||
  rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
  decrypted_raw := dbms_crypto.Decrypt(
  src => encrypted_raw,
  typ => DBMS_CRYPTO.DES_CBC_PKCS5,
  key => raw_key);
  decrypted_string :=
  CONVERT(UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw),'US7ASCII','AL32UTF8');
  dbms_output.put_line('> Decrypted string output : ' ||
  decrypted_string);
  if input_string = decrypted_string THEN
  dbms_output.put_line('> String DES Encyption and Decryption successful');
  END if; dbms_output.put_line(''); dbms_output.put_line('> ========= BEGIN TEST Hash =========');
  encrypted_raw := dbms_crypto.Hash(
  src => raw_input,
  typ => DBMS_CRYPTO.HASH_SH1);
  dbms_output.put_line('> Hash value of input string : ' ||
  rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
  dbms_output.put_line('> ========= BEGIN TEST Mac =========');
  encrypted_raw := dbms_crypto.Mac(
  src => raw_input,
  typ => DBMS_CRYPTO.HMAC_MD5,
  key => raw_key);
  dbms_output.put_line('> Message Authentication Code : ' ||
  rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
  dbms_output.put_line(''); dbms_output.put_line('> End of DBMS_CRYPTO tests '); END; /
  error:
  dbms_output.put_line('> Input String : ' ||
  ERROR at line 17:
  ORA-06550: line 17, column 12:
  PLS-00103: Encountered the symbol "." when expecting one of the following:
  constant exception <an identifier>
  <a double-quoted delimited-identifier> table LONG_ double ref
  char time timestamp interval date binary national character
  nchar
  The symbol "<an identifier>" was substituted for "." to continue.
  ORA-06550: line 19, column 12:
  PLS-00103: Encountered the symbol "." when expecting one of the following:
  constant exception <an identifier>
  <a double-quoted delimited-identifier> table LONG_ double ref
  char time timestamp interval date binary national chara
  ORA-06550: line 20, column 15:
  PLS-00103: Encountered the symbol "=" when expecting one of the following:
  constant exception <an identifier>
  <a double-quoted delimited-identifier> table LONG_ double ref
  char time timestamp interval date binary national chara
  ORA-06550: line 26, column 15:
  PLS-00103: Encountered the symbol "." when expecting one of the following:
  constant exception <an iden
  Please help quickly.

• ** How to encrypt data when saving it in DB directly?

  Hi All,
  I want a method to encrypt data in the database when saving it directly
  that is when any one enabled to see the data he will see it encrypted!

  Hi..
  What is the oracle database version???
  As you want the users to see the encypted data, the best option is use DBMS_CRYPTO to encrypt the data.
  [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm]
  [http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php]
  HTH
  Anand
  Edited by: Anand... on Oct 19, 2009 2:11 PM

• Encrypting data J2ME

  Hi
  I am developing a number of applications using J2ME. They run on mobile phones and need to be able to send data to a server. I need to encrypt this data as it contains personal information about the user. I cant use HTTPS because some of the applications use MIDP 1.0 and only support HTTP.
  So I want to encrypt the data myself and I was wondering if you could help me with my approach and answer some questions...
  I think the best way is to use RSA public/private keys in combination with a symmetric encrypting algorithm. So the mobile will have the public key part and the server will have the private key. The data will be encrypted using a symmetric algorithm. The key used in the encryption will then be encrypted using the public key. Both the encrypted key and the encrypted data will then be sent to the server. The server uses its private key to decrypt the key and then use the key to decrypt the data.
  How does that sound? I will be using Bouncy Castle crypto. What is the best way to generate a public/private key pair? I then need to somehow include the public key with the application. Should I randomly generate the symmetric key myself?
  Also what algorithm would you suggest for encrypting the data. Remember that it is on a resource constrained mobile device.
  If you have any other comments I would like to hear them. Thanks for your time.

  Thanks for the pointer. The thing is we changed our minds. We discovered strong encryption was not needed since our scheme is like the DVD encryption. The data is unencrypted by the application used by the person that does not have to know the data.
  We went with Rot13. jeje
  Thanks anyway.

• Problem while modifying number datatype.

  Hi All,
  I have modified a column, which is of number datatype.
  Initially it was number(8,2), now I have changed this to Number(10,2).
  But, due to some change in requirement, I have to revese the changes. Now, I am trying to make it Number(8,2), but it is giving me the following error.
  Error report:
  SQL Error: ORA-01440: column to be modified must be empty to decrease precision or scale
  01440. 00000 - "column to be modified must be empty to decrease precision or scale"
  Is there a way to make it?
  Please suggest..
  I am using Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production.
  Thnx in advance..
  Bits..

  You'd have to jump through some hoops to decrease the allowable number of digits in a column. You'd either have to re-create the table, i.e.
  -- Save off the data in FOO
  ALTER TABLE foo
    RENAME TO foo_bkup;
  CREATE TABLE foo (
    -- New column definitions
  INSERT /*+ APPEND */ INTO foo( list_of_columns )
    SELECT list_of_columns
      FROM foo_bkupOr you could create a new column, copy the data, and rename the old column
  ALTER TABLE foo
     ADD( temp_col_name number(8,2) );
  UPDATE foo
     SET temp_col_name = old_col_name;
  ALTER TABLE foo
    DROP COLUMN old_col_name;
  ALTER TABLE foo
    RENAME COLUMN temp_col_name TO old_col_name;Justin

• Domain of Number datatype

  Hi all,
  Recently i came across one of the most wierd situation across my whole Oracle experience of almost 3 Yrs. I created a table TESTAB (using Oracle 9i) as
  NUMBER_F NUMBER
  NUMBER_PS NUMBER(5,2)
  VARCHAR_F VARCHAR2(10)
  CHAR_F CHAR(10)
  Then i inserted a row as
  Insert into testab values ('0123.23', '099.34','Asim','Ahmed');
  and it accepted the data for Number datatype in single qoutes and automatically parse it for Number datatype.!!!
  SQL> select * from testab;
  NUMBER_F NUMBER_PS VARCHAR_F CHAR_F
  1 3.34
  23 34.34
  2.23 2.33 asim ahmed
  123.23 99.34 Asim Ahmed
  Can somebody explain is that the correct behaviour ! If it is, then i must say it is really shocking behavious for such a mature database like Oracle !
  Asim Ahmed.

  This feature is called 'implicit conversion'
  http://download-west.oracle.com/docs/cd/B10501_01/appdev.920/a96624/03_types.htm#3435

• Number datatype in designer import

  Having Designer model number datatype columns or domains that do not have Col Decimal Places defined. Only maximum length is populated. Data Modeler designer import do not populate values to Precision nor Scale. Precision should be set.

  Identifed as a code bug. According to former metalink. Tobe fixed in a future version.

• How to update precision value in number datatype

  hello all
  i hava a database containing data in that there is a table which contan a number datatype
  that is number(10)
  the table contain large amount of data
  now i need the precision value 2
  that is number(10,2)
  how i can update is
  i try alter command the do this bu the error is there the table contain data
  so please suggest the solution
  thanks in advance

  The number of columsn has nothing to do with it. The number of rows has nothing to do with it.
  Here is a step-by-step example to address your problem. I will change DATA_OBJECT_ID from NUMBER to NUMBER(10,2) even though there are thousands of rows in the table, the column is "in the middle " of the table, and there are many rows with non-null values in that column.
  07:02:43 > create table t3 as select * from all_objects;
  Table created.
  Elapsed: 00:00:06.22
  07:04:08 > desc t3
  Name                                      Null?    Type
  OWNER                                     NOT NULL VARCHAR2(30)
  OBJECT_NAME                               NOT NULL VARCHAR2(30)
  SUBOBJECT_NAME                                     VARCHAR2(30)
  OBJECT_ID                                 NOT NULL NUMBER
  DATA_OBJECT_ID                                     NUMBER
  OBJECT_TYPE                                        VARCHAR2(19)
  CREATED                                   NOT NULL DATE
  LAST_DDL_TIME                             NOT NULL DATE
  TIMESTAMP                                          VARCHAR2(19)
  STATUS                                             VARCHAR2(7)
  TEMPORARY                                          VARCHAR2(1)
  GENERATED                                          VARCHAR2(1)
  SECONDARY                                          VARCHAR2(1)
  NAMESPACE                                 NOT NULL NUMBER
  EDITION_NAME                                       VARCHAR2(30)
  07:04:12 > alter table t3 modify (data_object_id number(10));
  alter table t3 modify (data_object_id number(10))
  ERROR at line 1:
  ORA-01440: column to be modified must be empty to decrease precision or scale
  Elapsed: 00:00:00.98
  07:08:05 > select count(*), min(data_object_id), max(data_object_id), count(distinct data_object_id), count(data_object_id)
  07:09:06   2  from t3;
    COUNT(*) MIN(DATA_OBJECT_ID) MAX(DATA_OBJECT_ID) COUNT(DISTINCTDATA_OBJECT_ID) COUNT(DATA_OBJECT_ID)
      184456                   0             1526320                         12225                 70092
  1 row selected.
  Elapsed: 00:00:00.11
  07:09:41 > alter table t3 add (temp_data_object_id number(10,2));
  Table altered.
  Elapsed: 00:00:00.07
  07:10:27 > update t3 set temp_data_object_id = data_object_id, data_object_id = null;
  184456 rows updated.
  Elapsed: 00:00:04.49Notice that our column of interest is now entirely null, so the restriction against reducing its scale or precision will not longer impact us.
  07:11:00 >
  07:11:17 > select count(*), min(data_object_id), max(data_object_id), count(distinct data_object_id), count(data_object_id) from t3;
    COUNT(*) MIN(DATA_OBJECT_ID) MAX(DATA_OBJECT_ID) COUNT(DISTINCTDATA_OBJECT_ID) COUNT(DATA_OBJECT_ID)
      184456                                                                     0                     0
  1 row selected.
  Elapsed: 00:00:00.04
  07:11:51 > alter table t3 modify (data_object_id number(10,2))
  07:12:33 > /
  Table altered.
  Elapsed: 00:00:00.07
  07:12:35 > update t3 set data_object_id=temp_data_object_id;
  184456 rows updated.
  Elapsed: 00:00:04.01
  07:14:40 > select count(*), min(data_object_id), max(data_object_id), count(distinct data_object_id), count(data_object_id) from t3;
    COUNT(*) MIN(DATA_OBJECT_ID) MAX(DATA_OBJECT_ID) COUNT(DISTINCTDATA_OBJECT_ID) COUNT(DATA_OBJECT_ID)
      184456                   0             1526320                         12225                 70092
  1 row selected.
  Elapsed: 00:00:00.09
  07:14:49 > alter table t3 drop column temp_data_object_id;
  Table altered.
  Elapsed: 00:00:02.40
  07:15:11 > desc t3
  Name                                                              Null?    Type
  OWNER                                                             NOT NULL VARCHAR2(30)
  OBJECT_NAME                                                       NOT NULL VARCHAR2(30)
  SUBOBJECT_NAME                                                             VARCHAR2(30)
  OBJECT_ID                                                         NOT NULL NUMBER
  DATA_OBJECT_ID                                                             NUMBER(10,2)
  OBJECT_TYPE                                                                VARCHAR2(19)
  CREATED                                                           NOT NULL DATE
  LAST_DDL_TIME                                                     NOT NULL DATE
  TIMESTAMP                                                                  VARCHAR2(19)
  STATUS                                                                     VARCHAR2(7)
  TEMPORARY                                                                  VARCHAR2(1)
  GENERATED                                                                  VARCHAR2(1)
  SECONDARY                                                                  VARCHAR2(1)
  NAMESPACE                                                         NOT NULL NUMBER
  EDITION_NAME                                                               VARCHAR2(30)
  07:15:15 >

• When -ve scale in number datatype is used??????????

  dear friends,
  in the number datatype we specify precision and scale
  limit of precision is 1-38 & scale is -64 to 127 if i m right
  so i wll like 2 know when & how -ve scale value is used for data design
  also plz tell me how 2 declare col if expected values 2 b entered in it r like 0.0000078 etc.
  waiting for reply
  thanking you
  ganesh

  Perhaps the following will help
  SQL> create table test1 (
    2  a number(5,0),
    3  b number(5,1),
    4  c number(5,2),
    5  d number(5,-1),
    6  e number(5,-2)
    7  );
  Table created.
  SQL> insert into test1 values (1.234, 1.234, 1.234, 1.234, 1.234);
  1 row created.
  SQL> insert into test1 values (12.34, 12.34, 12.34, 12.34, 12.34);
  1 row created.
  SQL> insert into test1 values (123.4, 123.4, 123.4, 123.4, 123.4);
  1 row created.
  SQL> insert into test1 values (.1234, .1234, .1234, .1234, .1234);
  1 row created.
  SQL> insert into test1 values (.01234, .01234, .01234, .01234, .01234);
  1 row created.
  SQL> select * from test1
    2  ;
           A          B          C          D          E
           1        1.2       1.23          0          0
          12       12.3      12.34         10          0
         123      123.4      123.4        120        100
           0         .1        .12          0          0
           0          0        .01          0          0
  SQL>

• EFS, password change denies access to encrypted data

  Hi,
  Has anyone had the issue with admin changing users password in Console One
  resulting in users not being able to access their encrypted data.
  Laptop users are using EFS to encrypt their data.
  These users have WinXPPro SP2 and we are running ZfD 6.5SP2.
  I have found IR 1 for ZfD 6.5 SP2 which includes TID3003874 "Personal IE
  certificates and EFS stop working after password change" however this does
  not fix the issue.
  Could someone explain in more detail what this fix does as I may have
  misunderstood what this fix is.
  Regards,
  Eric.

  I know this is an old thread, but I thought it would be best to those who
  found it realized that the best method for addressing this issue may be
  found here:
  http://www.novell.com/support/viewCo...rnalId=3724689
  However the MS article could still be useful for some.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "ghoskins" <[email protected]> wrote in message
  news:[email protected]..
  >
  > I'm having the same problem. I ran acrosss this Microsoft KB and it
  > seems to fix the issue. I'm not certain this is the best security
  > practices, but it does work.
  >
  > 'User cannot gain access to certificate functionality after password
  > change or when using a roaming profile'
  > (http://support.microsoft.com/default...b;en-us;331333)
  >
  >
  > --
  > ghoskins
  > ------------------------------------------------------------------------
  > ghoskins's Profile: http://forums.novell.com/member.php?userid=12306
  > View this thread: http://forums.novell.com/showthread.php?t=215857
  >

• What happens to encrypted data when the server is destroyed?

  Backups to tape are encrypted with a certificate. 
  But what happens if the backup server is destroyed? Do I lose all the backup data on those tapes?
  Can I backup the certificate or is it specific to that specific DPM server?
  In the case of a catastrophic datacenter failure, where everything is lost except the tapes and the certificate, what is the process for recovering the encrypted data?

  You can absolutely backup the certificates used for DPM encryption and you should store those somewhere safe (for example, burn to CD and put in a fireproof safe offsite somewhere secure in an encrypted file).
  This section of TechNet describes the process: http://technet.microsoft.com/en-us/library/jj628058.aspx
  If you had to recreate a DPM server to read the tapes then you'd need to the certificates in the correct certificate store on the DPM server, in addition you'd need to ensure you had the certificates for the certificate chain, if there is one, in the correct
  locations in the cert store.
  Once a cert expires, do not delete it from the DPM until all the tapes that have used that cert are no longer in use or have been overwritten.
  The data would need to be imported through the recovery section in DPM but you'd be able to read and recover the data if the certs were present. No cert = no recovery.

• Encrypting Data on part of a file system.

  A few months ago, using hints I found on the internet, I was able to use diskutil command line utililty to create an encrypted partition of the same sort as when turning FileVault on in Security Preferences.  File Vault doe not appear to offer a way to choose some pargt of the disk storage such as an entire drive of a folder on a drive.  I was able to do it and it worked.  When I mount the disk partition to the system (usualy by plugging it in and turning it on), I'm asked for the security pass phrase or key to decrypt it.  Once mounted with the key supplied, I can access it as any other mounted disk with the type of access restrictions that might be present on any disk.Since I want the data to be truly privatem U decline to put the key into the a known place such as the keychain.  I don't want just anyone who has a log on to this iMac to b e able to read this data.  I want them to need to enter a private key to mount the data. 
  My only problem with this is the hoops I needed to go through to do this.  It is complicated and invovlves setting up special partitions for the purpose.
  Searching Finder help for encrypting data it offered a solution for data on a removable drive.  The stepsare very simple and easy to do:
     a) Mount the files to be encrypted if they are not  online.  They also need to be in a folder or even an entire partition.
      b) Open Disk Utility (GUI version)
      c)Choose File > New > Disk Image From Folder (or New-> Disk Image ffrom a Device).
      d) Select the folder or disk you want to encrypt.
      e) A save dialog will pop up.  Select the name of the archive you wish to create and select a location.  I choose a removable disk partition which has enouh space.  Select Compressed if you wish.  Then Select Encryption and choose the key size for encryption from the drop dwon.  When you click Save, Disk Utility begins creating a disk image that is (possibly) compressed and probably encrypted.  Once done, the files in the folder or partiion are hiddent behind the encryption.  To get to them, you much open the DMG file and supply the password to unlock the encryption.  You can save the key in the keychain if you are not worreid about who can get in.  If you wish to restrict access to fewer people, keep the key secret and provide a recovery mechanism that is suitable for you need.
     f)  One the archive is created, the disk partition containing it may b4 mounted on the system (if it is not there already) and by opening the dmg file you will be asked for the key.  The system will validate that the key works and the encryption and comprewssion are working.  The archive will be mounted as a virual disk.  It can be accessed by any useer of that computer unless the file permissions get in the way.  Mounting it only when the computer is being used by authorized people allow you to mount and dismount the archive for use during a limited time.
  I have a couple of questions here.  Is there an easier way to do this?  Is this encryption as strong as that used in FileVault? 

  No. I don't know why it would not be, except it is easier for a person to leave the disk mounted where anyone can then see it. With FileVault forcing a password on wake from sleep, it will likely be encrypted if anyone found it.
  I'm not sure why you went to the trouble you did before, except the instructions might have been to create an encrypted partition as opposed to creating the disk image. Disk images have been around for at least a decade.
  If you plan on backing up the image with Time Machine, use a sparse bundle disk image as it will write the data to small files, called stripes. Only the stripes that change get backed up instead of the entire image.