DBMS_Crypto.Encrypt

Similar Messages

• Failed to call DBMS_CRYPTO.ENCRYPT / DECRYPT

  I tried to use Oracle 11gR2 DBMS_CRYPTO to perform AES256 encryption/decryption. From the Oracle Ref., it specifies "Security Model - Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed." So requested DBA to grant EXECUTE privilege for the SYS.DBMS_CRYPTO.
  I successfully run the SQL "select DBMS_CRYPTO.RANDOMBYTES(64) from dual;", but when I tried to implement Package body. The compiler prompted errors: PLS-00201: identified 'DBMS_CRYPTO' must be declared.
  Please kindly help and advise. Thanks!
  Src code of the package body:
  CREATE OR REPLACE PACKAGE BODY PKG_TOOLKIT AS
       g_encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC     + DBMS_CRYPTO.PAD_PKCS5;
  FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
       l_key VARCHAR2(512);
  l_text VARCHAR2(32767) := p_text;
  l_encrypted RAW(32767);          
  BEGIN
  getKey(l_key);
            l_encrypted := DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(l_text, 'AL32UTF8'),
  typ => g_encryption_type,
  key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
  RETURN l_encrypted;
  END;
  FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
       l_key VARCHAR2(512);
  l_decrypted VARCHAR2(32767);
  BEGIN
  getKey(l_key);
            l_decrypted := DBMS_CRYPTO.DECRYPT(src => p_raw,
  typ => g_encryption_type,
  key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
  RETURN RTrim(UTL_I18N.RAW_TO_CHAR(l_decrypted, 'AL32UTF8'));
  END;
  END PKG_TOOLKIT;
  /

  From the Package DBMS_CRYPTO -> Grants, I found there is a privilege "EXECUTE" granted to grantee "ORADEV1". "ORADEV1" is the login ID I'm using to connect to Oracle. Can I tell whether the DBA is granting the privilege to this id or it's role thru Oracle Developer?

• Key Lenght too short error with dbms_crypto.encrypt

  Hi Friends,
  I am getting above mentioned error with dbms_crypto.encrypt.
  I had created a thread in technology --> security forum but i am not getting any help from there.
  ORA-28234 Key Length too short with dbms_crypto.encrypt
  Appreciate if anyone help me resolve this issue.
  Thanks
  AT

  Hi Warren,
  Yes function is compiled without any compilation error.
  Thanks
  AT

• Dbms_crypto encrypt date number datatype

  I am using oracle 11g. I am very new to dbms_crypto. I went through documentation but have following doubts:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?
  How can I encrypt data of datatype date and number using dbms_crypto?
  Thanks a lot for your time to clarify my quries?

  spur230 wrote:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?It's not mandatory, but it's certainly a good idea. If you store encrypted data in a VARCHAR2 column, that means that it is subject to character set conversion if it's moved from one database to another or sent from a database to a client machine. But if character set conversion happens, your encrypted data is corrupted.
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?It would be helpful to specify exactly what algorithm and parameters you intend to use because it may vary. If, for example, we encrypt using AES-256 with Cipher Block Chaining and PKCS#5 compliant padding (which happens to be the example in the DBMS_CRYPTO manual), the output RAW will always be a multiple of 16 and as large or larger than the input RAW.
  A VARCHAR2(32) will either allocate 32 characters of storage or 32 bytes of storage depending on your NLS_LENGTH_SEMANTICS parameter. If you're using the default, it will allocate 32 bytes. But 32 bytes in the database character set may require more than 32 bytes of storage once you convert it to a UTF-8 encoded RAW (which, technically, also isn't required but is a good practice) and, thus, the encrypted string might require more than 32 bytes of storage. Your database character set and the actual data you store/ want to be able to store will influence how likely it is that you'll need a larger RAW than your VARCHAR2.
  How can I encrypt data of datatype date and number using dbms_crypto?dbms_crypto only operates on RAW data. Just like you convert strings to RAW before encrypting them, you'd need to convert your dates and numbers to RAW. For numbers, you should be able to use UTL_RAW.CAST_FROM_NUMBER. I don't know of a method of casting dates to a RAW other than converting them to a known string representation and then encrypting that (and, of course, doing the reverse when you decrypt the string and convert it back to a date using that same format).
  Justin

• Error when useing DBMS_CRYPTO package in reports 10g

  hi all,
  i wrote a package which use dbms_crypto, there are functions to crypto userid and decrypo userid.
  in report 6i it work fine it cryptos and decrpts. when i use in reports 10g it gives this error.
  -28817 ORA-28817: PL/SQL function returned an error.
  ora-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
  ORA-06512: at "SYS.DBMS_CRYPTO", line 41
  ora-06512: at "YBS.SIFRELE", line 26
  the packege like this;
  PACKAGE BODY SIFRELE
  IS
  function sicil_sifrele (p_sicil_no IN varchar2) RETURN varchar2
  IS
  p_key RAW(128);
  p_sicil_raw RAW(128);
  p_encrypted_raw RAW(128);
  BEGIN
  p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
  p_sicil_raw := utl_raw.cast_to_raw(p_sicil_no);
  p_encrypted_raw := dbms_crypto.encrypt(src => p_sicil_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
  return (utl_raw.cast_to_varchar2(p_encrypted_raw));
  END;
  FUNCTION sicil_coz ( p_encrypted_raw IN RAW) RETURN varchar2
  IS
  p_key RAW(128);
  p_decrypted_raw RAW(128);
  sicil_donen VARCHAR2(250);
  BEGIN
  p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
  p_decrypted_raw := dbms_crypto.decrypt(src => p_encrypted_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
  sicil_donen := utl_raw.cast_to_varchar2(p_decrypted_raw);
  return (sicil_donen);
  END;
  END;
  thanks.
  eser

  Hello,
  You should create a "wrapper function"
  Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
  (The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
  Regards

• Using DBMS_CRYPTO package in reports

  hi all,
  i want to encrypt & decrypt user parameter in report.
  to encrypt i use;
  l_encrypted_raw := dbms_crypto.encrypt(src => my_parameter,
  typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
  to decrypt;
  l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
  in sql developer these codes are running. i can encrypt & decrypt
  but when i want to decrypt in reports it gives an error like this:
  implementation restriction: 'DBMS_CRYPTO.DES_CBC_PKCS5': Cannot directly access remote package variable or cursor
  how can i pass this?
  thanks...

  Hello,
  You should create a "wrapper function"
  Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
  (The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
  Regards

• Error when using DBMS_CRYPTO package in reports 10g

  hi all,
  i wrote a package which use dbms_crypto, there are functions to crypto userid and decrypo userid.
  the packege like this;
  PACKAGE BODY SIFRELE
  IS
  function sicil_sifrele (p_sicil_no IN varchar2) RETURN varchar2
  IS
  p_key RAW(128);
  p_sicil_raw RAW(128);
  p_encrypted_raw RAW(128);
  BEGIN
  p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
  p_sicil_raw := utl_raw.cast_to_raw(p_sicil_no);
  p_encrypted_raw := dbms_crypto.encrypt(src => p_sicil_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
  return (utl_raw.cast_to_varchar2(p_encrypted_raw));
  END;
  FUNCTION sicil_coz ( p_encrypted_raw IN RAW) RETURN varchar2
  IS
  p_key RAW(128);
  p_decrypted_raw RAW(128);
  sicil_donen VARCHAR2(250);
  BEGIN
  p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
  p_decrypted_raw := dbms_crypto.decrypt(src => p_encrypted_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
  sicil_donen := utl_raw.cast_to_varchar2(p_decrypted_raw);
  return (sicil_donen);
  END;
  END;
  in report 6i it work fine cryptos and decrpts. when i use in reports 10g it gives this error.
  -28817 ORA-28817: PL/SQL function returned an error.
  ora-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
  ORA-06512: at "SYS.DBMS_CRYPTO", line 41
  ora-06512: at "YBS.SIFRELE", line 26
  thanks...

  Hello,
  You should create a "wrapper function"
  Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
  (The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
  Regards

• How to encrypt column of some table with the single method ?

  How to encrypt column of some table with the single method ?

  How to encrypt column of some table with the single
  method ?How to encrypt column of some table with the single
  method ?
  using dbms_crypto package
  Assumption: TE is a user in oracle 10g
  we have a table need encrypt a column, this column SYSDBA can not look at, it's credit card number.
  tha table is
  SQL> desc TE.temp_sales
  Name Null? Type
  CUST_CREDIT_ID NOT NULL NUMBER
  CARD_TYPE VARCHAR2(10)
  CARD_NUMBER NUMBER
  EXPIRY_DATE DATE
  CUST_ID NUMBER
  1. grant execute on dbms_crypto to te;
  2. Create a table with a encrypted columns
  SQL> CREATE TABLE te.customer_credit_info(
  2 cust_credit_id number
  3      CONSTRAINT pk_te_cust_cred PRIMARY KEY
  4      USING INDEX TABLESPACE indx
  5      enable validate,
  6 card_type varchar2(10)
  7      constraint te_cust_cred_type_chk check ( upper(card_type) in ('DINERS','AMEX','VISA','MC') ),
  8 card_number blob,
  9 expiry_date date,
  10 cust_id number
  11      constraint fk_te_cust_credit_to_cust references te.customer(cust_id) deferrable
  12 )
  13 storage (initial 50k next 50k pctincrease 0 minextents 1 maxextents 50)
  14 tablespace userdata_Lm;
  Table created.
  SQL> CREATE SEQUENCE te.customers_cred_info_id
  2 START WITH 1
  3 INCREMENT BY 1
  4 NOCACHE
  5 NOCYCLE;
  Sequence created.
  Note: Credit card number is blob data type. It will be encrypted.
  3. Loading data encrypt the credit card number
  truncate table TE.customer_credit_info;
  DECLARE
  input_string VARCHAR2(16) := '';
  raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
  key_string VARCHAR2(8) := 'AsDf!2#4';
  raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
  encrypted_raw RAW(2048);
  encrypted_string VARCHAR2(2048);
  BEGIN
  for cred_record in (select upper(CREDIT_CARD) as CREDIT_CARD,
  CREDIT_CARD_EXP_DATE,
  to_char(CREDIT_CARD_NUMBER) as CREDIT_CARD_NUMBER,
  CUST_ID
  from TE.temp_sales) loop
  dbms_output.put_line('type:' || cred_record.credit_card || 'exp_date:' || cred_record.CREDIT_CARD_EXP_DATE);
  dbms_output.put_line('number:' || cred_record.CREDIT_CARD_NUMBER);
  input_string := cred_record.CREDIT_CARD_NUMBER;
  raw_input := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
  dbms_output.put_line('> Input String: ' || CONVERT(UTL_RAW.CAST_TO_VARCHAR2(raw_input),'US7ASCII','AL32UTF8'));
  encrypted_raw := dbms_crypto.Encrypt(
  src => raw_input,
  typ => DBMS_CRYPTO.DES_CBC_PKCS5,
  key => raw_key);
  encrypted_string := rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)) ;
  dbms_output.put_line('> Encrypted hex value : ' || encrypted_string );
  insert into TE.customer_credit_info values
  (TE.customers_cred_info_id.nextval,
  cred_record.credit_card,
  encrypted_raw,
  cred_record.CREDIT_CARD_EXP_DATE,
  cred_record.CUST_ID);
  end loop;
  commit;
  end;
  4. Check credit card number script
  DECLARE
  input_string VARCHAR2(16) := '';
  raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
  key_string VARCHAR2(8) := 'AsDf!2#4';
  raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
  encrypted_raw RAW(2048);
  encrypted_string VARCHAR2(2048);
  decrypted_raw RAW(2048);
  decrypted_string VARCHAR2(2048);
  cursor cursor_cust_cred is select CUST_CREDIT_ID, CARD_TYPE, CARD_NUMBER, EXPIRY_DATE, CUST_ID
  from TE.customer_credit_info order by CUST_CREDIT_ID;
  v_id customer_credit_info.CUST_CREDIT_ID%type;
  v_type customer_credit_info.CARD_TYPE%type;
  v_EXPIRY_DATE customer_credit_info.EXPIRY_DATE%type;
  v_CUST_ID customer_credit_info.CUST_ID%type;
  BEGIN
  dbms_output.put_line('ID Type Number Expiry_date cust_id');
  dbms_output.put_line('-----------------------------------------------------');
  open cursor_cust_cred;
  loop
       fetch cursor_cust_cred into v_id, v_type, encrypted_raw, v_expiry_date, v_cust_id;
  exit when cursor_cust_cred%notfound;
  decrypted_raw := dbms_crypto.Decrypt(
  src => encrypted_raw,
  typ => DBMS_CRYPTO.DES_CBC_PKCS5,
  key => raw_key);
  decrypted_string := CONVERT(UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw),'US7ASCII','AL32UTF8');
  dbms_output.put_line(V_ID ||' ' ||
  V_TYPE ||' ' ||
  decrypted_string || ' ' ||
  v_EXPIRY_DATE || ' ' ||
  v_CUST_ID);
  end loop;
  close cursor_cust_cred;
  commit;
  end;
  /

• DBMS_CRYPTO package help needed :(

  Hello all,
  I want to use Oracle's DBMS_CRYPTO package for decrypting some data.
  I have one sample program as follows which is not working....the error is shown below.
  SQL> DECLARE
  2 input_string VARCHAR2 (200) := 'Secret Message';
  3 output_string VARCHAR2 (200);
  4 encrypted_raw RAW (2000); -- stores encrypted binary text
  5 decrypted_raw RAW (2000); -- stores decrypted binary text
  6 num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
  7 key_bytes_raw RAW (32); -- stores 256-bit encryption key
  8 encryption_type PLS_INTEGER := -- total encryption type
  9 DBMS_CRYPTO.ENCRYPT_AES256
  10 + DBMS_CRYPTO.CHAIN_CBC
  11 + DBMS_CRYPTO.PAD_PKCS5;
  12 BEGIN
  13 DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
  14 key_bytes_raw := DBMS_CRYPTO.RANDOMBYTES (num_key_bytes);
  15 encrypted_raw := DBMS_CRYPTO.ENCRYPT
  16 (
  17 src => UTL_I18N.STRING_TO_RAW (input_string, 'AL32UTF8'),
  18 typ => encryption_type,
  19 KEY => key_bytes_raw
  20 );
  21 decrypted_raw := DBMS_CRYPTO.DECRYPT
  22 (
  23 src => encrypted_raw,
  24 typ => encryption_type,
  25 KEY => key_bytes_raw
  26 );
  27 output_string := UTL_I18N.RAW_TO_CHAR (decrypted_raw, 'AL32UTF8');
  28 DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || output_string);
  29 END;
  30 /
  DBMS_CRYPTO.ENCRYPT_AES256
  ERROR at line 9:
  ORA-06550: line 9, column 2:
  PLS-00201: identifier 'DBMS_CRYPTO' must be declared
  ORA-06550: line 8, column 23:
  PL/SQL: Item ignored
  ORA-06550: line 14, column 21:
  PLS-00201: identifier 'DBMS_CRYPTO' must be declared
  ORA-06550: line 14, column 4:
  PL/SQL: Statement ignored
  ORA-06550: line 15, column 21:
  PLS-00201: identifier 'DBMS_CRYPTO' must be declared
  ORA-06550: line 15, column 4:
  PL/SQL: Statement ignored
  ORA-06550: line 21, column 18:
  PLS-00201: identifier 'DBMS_CRYPTO' must be declared
  ORA-06550: line 21, column 1:
  PL/SQL: Statement ignored
  Oracle version is
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production on linux server.
  can anybody help me how to resolve this problem?
  I mean isnt "DBMS_CRYPTO" Oracle's Standard package?
  pls help.

  Really you should not be using SYSTEM account - you should create your own DBA / Development accounts and use those.
  However, what you are missing is to connect as SYS/SYSDBA and...
  GRANT EXECUTE ON dbms_crypto TO system;

• Dbms_crypto package for number and date data type

  Hi,
  I am using Oracle 10g 10.2.0.3 on Linux 64 bit
  I am tryiing to use dbms_crypto package for the first time to encypt my tables column
  Following are my table columns
  NAME1 VARCHAR2(2000),
  ID1 NUMBER,
  SCORE number
  This table is already populated
  i want to encrypt Name1 and Score column. Following are the functions i have created for Encryption and decryption.
  --For Encryption
  create or replace function get_enc_val
  p_in in varchar2,
  p_key in raw
  return raw is
  l_enc_val raw (2000);
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  begin
  l_enc_val := dbms_crypto.encrypt
  UTL_I18N.STRING_TO_RAW
  (p_in, 'AL32UTF8'),
  l_mod,
  p_key
  return l_enc_val;
  end;
  --For Decryption
  create or replace function get_dec_val
  p_in in raw,
  p_key in raw
  return varchar2
  is
  l_ret varchar2 (2000);
  l_dec_val raw (2000);
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  begin
  l_dec_val := dbms_crypto.decrypt
  p_in,
  l_mod,
  p_key
  l_ret:= UTL_I18N.RAW_TO_CHAR
  (l_dec_val, 'AL32UTF8');
  return l_ret;
  end;
  Key: I have stored a key in other schema and calling it by using function get_key().
  Following is my insert
  INSERT INTO Score_table VALUES
  (get_enc_val('John',get_key()),25,get_enc_val(79,get_key()))
  it is giving me following error
  ORA-00932:Inconsistent Datatypes:Expected number got binary.
  I checked, it is an error due to Score field, which is of number type. So do i need to change type of Score field to varchar or is there any other way to encrypt number and date field.
  If i need to change the type then what will happen to the data already in Table and how do i encrypt data already in table.

  Hi,
  Is there any one who can tell me that, do i need to change my table column data type as the encrypted value will be character.

• Dbms_crypto - avoid error when using different key in lower environment

  Hello Experts,
  We are using Oracle 11.2.0.2. We are planning to implement dbms_crypto to encrypt few columns. We clone the data from production to lower environment ( DEV, QC).
  For the lower environments, we do not want to get the sensitive data from production and do not plan to use same key. Rather than getting an error when using differnt key, is it possible to get a different resultset back.
  In other words, we want the implementation to be same across environments but want to use a diffent key in lower environment and get different result (or garbage).
  Any suggestions would be greatly appreciated.
  While testing this logic, I am getting following error when using differnt key to decrypt. It works fine if I use same key.
  Error at line 1
  ORA-28817: PL/SQL function returned an error.
  ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
  ORA-06512: at "SYS.DBMS_CRYPTO", line 44
  ORA-06512: at line 19
  DECLARE
    l_credit_card_no    VARCHAR2(19) := '1234 5678 9012 3456';
    l_ccn_raw           RAW(128) := UTL_RAW.cast_to_raw(l_credit_card_no);
  l_key               RAW(128) := UTL_RAW.cast_to_raw('abcdefgh');
     l2_key               RAW(128) := UTL_RAW.cast_to_raw('12345678');
    l_encrypted_raw     RAW(2048);
    l_decrypted_raw     RAW(2048);
  BEGIN
    DBMS_OUTPUT.put_line('Original  : ' || l_credit_card_no);
    l_encrypted_raw := DBMS_CRYPTO.encrypt(src => l_ccn_raw,
                                           typ => DBMS_CRYPTO.des_cbc_pkcs5,
                                           key => l_key);
    DBMS_OUTPUT.put_line('Encrypted : ' || RAWTOHEX(UTL_RAW.cast_to_raw(l_encrypted_raw)));
    l_decrypted_raw := DBMS_CRYPTO.decrypt(src => l_encrypted_raw,
                                           typ => DBMS_CRYPTO.des_cbc_pkcs5,
                                           key => l2_key); --**Using different key to decrypt
    DBMS_OUTPUT.put_line('Decrypted : ' || UTL_RAW.cast_to_varchar2(l_decrypted_raw));
  END;Thank you.

  If I understand what you are trying to do ... and I may not ... it is not going to work.
  SQL> DECLARE
    2   l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
    3   l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
    4   l_key1     RAW(128) := utl_raw.cast_to_raw('abcdefgh');
    5   l_key2     RAW(128) := utl_raw.cast_to_raw('zyxwvuts');  -- alternate key used to attempt a different decryption
    6 
    7   l_encrypted_raw RAW(2048);
    8   l_decrypted_raw RAW(2048);
    9  BEGIN
  10    dbms_output.put_line('Original : ' || l_credit_card_no);
  11 
  12    l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key1);
  13 
  14    dbms_output.put_line('Encrypted : ' || RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));
  15 
  16    l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkc
  s5, key => l_key1);
  17 
  18    dbms_output.put_line('Key1 : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
  19 
  20    l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkc
  s5, key => l_key2);
  21 
  22    dbms_output.put_line('Key2 : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
  23  END;
  24  /
  Original : 1612-1791-1809-2605
  Encrypted : 3534443342333642353141363846384237463732384636373943374630364234323243334539383042323135
  Key1 : 1612-1791-1809-2605
  DECLARE
  ERROR at line 1:
  ORA-28817: PL/SQL function returned an error.
  ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
  ORA-06512: at "SYS.DBMS_CRYPTO", line 44
  ORA-06512: at line 20

• Need some hints on using dbms_crypto

  Hello,
  I need some hints on using the dbms_crypto package to generate some password for the OID userpassword attribute. The passwordstring is stored in a format {CRYPT}dasdasdawdww, {SHA}jfsklefjskldjkdlkldf, {MD4}dfdsfgsdgdfewwe or {MD5}fsdfsdadsgdfg where the keyword in the curly brackets describes the encryption methods. I think CRYPT means DES, SHA means SHA-1.
  The key for the DES encryption for UNIX password authentification is in the first 2 letters of the encrypted string. I wanna have an encryption function which encrypts the clear type passwords in the right format like this perl script:
  #!/bin/perl
  print crypt($ARGV[0],"HS");
  #: crypt.pl Test123 # program fetch
  HSF0Sx2zdrLoQ
  Regards
  Holger

  Hello,
  meanwhile I made some investigations on the Problem
  I tried this code:
  DECLARE
  input_string       VARCHAR2 (200) :=  'Test123';
  output_string      VARCHAR2 (200);
  encrypted_raw      RAW (2000);             -- stores encrypted binary text
  decrypted_raw      RAW (2000);             -- stores decrypted binary text
  num_key_bytes      NUMBER := 256/8;        -- key length 256 bits (32 bytes)
  key_bytes_raw      RAW (32);               -- stores 256-bit encryption key
  encryption_type    PLS_INTEGER :=          -- total encryption type
                           DBMS_CRYPTO.ENCRYPT_DES
                         + DBMS_CRYPTO.CHAIN_CBC
                         + DBMS_CRYPTO.PAD_PKCS5;
  BEGIN
          DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
          key_bytes_raw := UTL_I18N.STRING_TO_RAW ( 'HS' );
          encrypted_raw := DBMS_CRYPTO.ENCRYPT
                          src => UTL_I18N.STRING_TO_RAW (input_string,  'AL32UTF8'
                          typ => encryption_type,
                          key => key_bytes_raw
  -- The encrypted value "encrypted_raw" can be used here
          DBMS_OUTPUT.PUT_LINE ( 'Encrypted string: ' || encrypted_raw);
          decrypted_raw := DBMS_CRYPTO.DECRYPT
                          src => encrypted_raw,
                          typ => encryption_type,
                          key => key_bytes_raw
          DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || UTL_I18N.RAW_TO_CHAR (decr
  ypted_raw, 'AL32UTF8'));
          DBMS_OUTPUT.PUT_LINE ('Encrypted Char string: ' || UTL_I18N.RAW_TO_CHAR
  (encrypted_raw, 'AL32UTF8'));
  END;
  /and got these error messages:
  ERROR at line 1:
  ORA-28234: key length too short
  ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
  ORA-06512: at "SYS.DBMS_CRYPTO", line 10
  ORA-06512: at line 15In the next try:
  DECLARE
  input_string       VARCHAR2 (200) :=  'Test123';
  output_string      VARCHAR2 (200);
  encrypted_raw      RAW (2000);             -- stores encrypted binary text
  decrypted_raw      RAW (2000);             -- stores decrypted binary text
  num_key_bytes      NUMBER := 256/8;        -- key length 256 bits (32 bytes)
  key_bytes_raw      RAW (32);               -- stores 256-bit encryption key
  encryption_type    PLS_INTEGER :=          -- total encryption type
                           DBMS_CRYPTO.ENCRYPT_DES
                         + DBMS_CRYPTO.CHAIN_CBC
                         + DBMS_CRYPTO.PAD_PKCS5;
  BEGIN
          DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
          key_bytes_raw := UTL_I18N.STRING_TO_RAW ( 'HS12345678901234' );
          encrypted_raw := DBMS_CRYPTO.ENCRYPT
                          src => UTL_I18N.STRING_TO_RAW (input_string,  'AL32UTF8'
                          typ => encryption_type,
                          key => key_bytes_raw
  -- The encrypted value "encrypted_raw" can be used here
          DBMS_OUTPUT.PUT_LINE ( 'Encrypted string: ' || encrypted_raw);
          decrypted_raw := DBMS_CRYPTO.DECRYPT
                          src => encrypted_raw,
                          typ => encryption_type,
                          key => key_bytes_raw
          DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || UTL_I18N.RAW_TO_CHAR (decr
  ypted_raw, 'AL32UTF8'));
          DBMS_OUTPUT.PUT_LINE ('Encrypted Char string: ' || UTL_I18N.RAW_TO_CHAR
  (encrypted_raw, 'AL32UTF8'));
  END;
  /I got some results which have nothing in common with the perl script:
  Original string: Test123
  Encrypted string: DE5668CD7762074C
  Decrypted string: Test123
  Encrypted Char string: ?h?bL
  PL/SQL procedure successfully completed.Come to think of it I doubt if DBMS_CRYPTO is the right way to solve my problem. Any further hints?
  Regards Holger

• Invoke wallet key for use with DBMS_CRYPTO package

  Hello,
  I intend to use DBMS_CRYPTO and use personal key that is already stored in a wallet (file). Which steps must i take to bring this key as a parameter to DBMS_CRYPTO.ENCRYPT for encypting BLOB. Al examples i found till now use only self created keys.
  Many thanks to enyone who can help me with an advice.
  Ernest

  Sorry, but you're in the wrong forum (as this one is only for issues with the SQL Developer tool). You'll get more answers in the SQL And PL/SQL forum.
  Have fun,
  K.

• DBMS_CRYPTO.DECRYPT-Error in decryption.

  Hi all,
  i created encryption and decryption program using DBMS_CRYPTO package.as a whole both encryption and decryption working fine.but when i used the decrypt part alone using stored encrypted data(RAW DataType) it showing some internal error,kindly help me in this issue.i provided the details here,
  * I encrypted a string using dbms_crypto.encrypt and stored that string in a column which i created as RAW datatype format.
  *The program i used is ,
  DECLARE
  op VARCHAR2(500) ;
  op_raw raw(2000);
  ip raw(2000);
  num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
  key_bytes_raw RAW (32); -- stores 256-bit encryption key
  encryption_type PLS_INTEGER := -- total encryption type
  DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;
  BEGIN
  SELECT pass INTO ip FROM user_test WHERE user_id =309;
  /*this pass is of format RAW,it storing the ouput of DBMS_CRYPTO.ENCRYPT */
  /*above query fetches F130E5785F8DAE2D59972FB9B7B74BE4 as output */
  /*word used for encryption is 'secret' */
  key_bytes_raw := DBMS_CRYPTO.RANDOMBYTES (num_key_bytes);
  DBMS_OUTPUT.PUT_LINE ('ip :' || ip);
  op_raw := DBMS_CRYPTO.DECRYPT( src =>ip , typ => encryption_type, KEY => key_bytes_raw );
  DBMS_OUTPUT.PUT_LINE ('op_raw :'||op_raw);
  op:= UTL_I18N.RAW_TO_CHAR (op_raw , 'AL32UTF8');
  DBMS_OUTPUT.PUT_LINE ('op :'||op);
  END;
  * The Error i getting is ,
  Error report:
  ORA-28817: PL/SQL function returned an error.
  ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
  ORA-06512: at "SYS.DBMS_CRYPTO", line 41
  ORA-06512: at line 14
  28817. 00000 - "PL/SQL function returned an error."
  *Cause:    A PL/SQL function returned an error unexpectedly.
  *Action:   This is an internal error. Contact Oracle customer support.
  kindly help me in this issue as soon as possible.
  Thanks in advance,
  Jeevanand.K
  Edited by: Jeevanand K on Oct 26, 2010 2:08 AM

  Hi,
  there is a note on Metalink for this: "DBMS_CRYPTO.DECRYPT - ORA-28817 ORA-06512 at DBMS_CRYPTO_FFI", it has id 956603.1.
  Herald ten Dam
  http://htendam.wordpress.com

• AES Algorithm error when trying to encrypt using stored Java class.

  Dear All,
  We have a specific reuirement where in we cannot use DBMS_CRYPTO package to encrypt/decrypt data using AES Algorithm
  So I am trying to use a stored Java class and I am getting "AES algorithm not available".
  I am using Oracle 10gR2 standard edition.
  Below is my code
  1. Stored Java class
  2. Stored function to access the above Java class.
  3. Test anonymus PL/SQL to test above code.
  Please help me finding the problem why I am getting "AES algorithm not available" error when I call stored Java class in Oracle.?
  **** If I use "DES" algorithm, it works. Also the Java code works well if I execute it as normal Java class from Eclipse.
  I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
  The jre version in Oracle is 1.4.2.
  I appreciate your help.
  Thanks,
  Priyanka
  Step1: Stored java class to encrypt and decrypt data
  CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "EncryptUtil" AS
  import java.security.Key;
  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;
  import javax.crypto.spec.SecretKeySpec;
  public class EncryptUtil
       public static String encrypt(String inStr)
       String outStr = "Test data 123";
  try
  KeyGenerator kgen = KeyGenerator.getInstance("AES");
  kgen.init(128);
  SecretKey skey = kgen.generateKey();
  byte[] raw = skey.getEncoded();
  SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
  Cipher cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
  byte[] encrypted =
  cipher.doFinal(inStr.getBytes());
  outStr =new String(encrypted);
  catch (Exception e)
       outStr = outStr + "exception thrown::" + e.getMessage();
  e.printStackTrace();
  return outStr;
  Step2: Stored function to access above stored java class.
  CREATE OR REPLACE FUNCTION SF_ENCRYPTUTIL(
  pKey1 VARCHAR2
  ) RETURN VARCHAR2 AS
  LANGUAGE JAVA NAME 'EncryptUtil.encrypt(java.lang.String ) return java.lang.String';
  Step3: Test encryption and descryption
  DECLARE
  outstr VARCHAR2(2000);
  BEGIN
  DBMS_OUTPUT.PUT_LINE('outstr-->' || SF_ENCRYPTUTIL('12345'));
  END;
  Below code example using DBMS_CRYPTO. This works, but we do not want to use this.
  declare
  l_in_val varchar2(2000) := 'Test data 123';
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  l_enc raw (2000);
  l_enc_key raw (2000);
  l_dec raw (2000);
  begin
  l_enc := dbms_crypto.encrypt
  UTL_I18N.STRING_TO_RAW (l_in_val, 'AL32UTF8'),
  l_mod,
  HEXTORAW('156ae12300ccfbeb48e43aa016febb36'),
  HEXTORAW('001122230405060708090a0b0c0d0e0f')
  dbms_output.put_line ('Encrypted='||l_enc);
  end;
  Edited by: user5092433 on Sep 10, 2009 12:26 AM

  I guess I'd be a bit curious about why you can't use a DBMS_CRYPTO solution that provides identical output. It seems odd to want to have a procedure running inside Oracle and then dictate that it has to be Java and not PL/SQL...
  I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
  The jre version in Oracle is 1.4.2.Which java.security file are you talking about? The JVM that is inside the Oracle database does not and can not use configuration files that are outside the database. I suspect when you talk about files and paths that you're looking at a JVM outside the database, which is not the JVM that your Java stored procedure would be using.
  Looking at the error, my assumption is that some JAR file needs to be loaded into the internal JVM in order for the AES algorithm to be available. But I'm unfortunately not familiar enough with these classes to say what that would be.
  Justin