DBMS_Crypto.Encrypt
Reference to the site:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
I have created get_enc_val function in the database.
function get_enc_val
p_in in varchar2,
p_key in raw
return raw is
l_enc_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_enc_val := dbms_crypto.encrypt
UTL_I18N.STRING_TO_RAW
(p_in, 'AL32UTF8'),
l_mod,
p_key
return l_enc_val;
end;
When i run the following:
create table test(res_id varchar2(19), res_salary raw(2000));
insert into test
(res_id, res_salary)
values
('001',
get_enc_val (
'2000', dbms_crypto.randombytes (128))
System shows error:
ORA-28239: no key provided
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at "BMS.GET_ENC_VAL", line 12
Can anybody help? Thanks a lot!
DECLARE
input_string VARCHAR2(16) := 'tigertigertigert';
raw_input RAW(128) :=
UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
key_string VARCHAR2(8) := 'scottsco';
raw_key RAW(128) :=
UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
encrypted_raw RAW(2048);
encrypted_string VARCHAR2(2048);
decrypted_raw RAW(2048);
decrypted_string VARCHAR2(2048);
-- 1. Begin testing Encryption BEGIN
dbms_output.put_line('> Input String : ' ||
CONVERT(UTL_RAW.CAST_TO_VARCHAR2(raw_input),'US7ASCII','AL32UTF8'));
dbms_output.put_line('> ========= BEGIN TEST Encrypt =========');
encrypted_raw := dbms_crypto.Encrypt(
src => raw_input,
typ => DBMS_CRYPTO.DES_CBC_PKCS5,
key => raw_key);
dbms_output.put_line('> Encrypted hex value : ' ||
rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
decrypted_raw := dbms_crypto.Decrypt(
src => encrypted_raw,
typ => DBMS_CRYPTO.DES_CBC_PKCS5,
key => raw_key);
decrypted_string :=
CONVERT(UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw),'US7ASCII','AL32UTF8');
dbms_output.put_line('> Decrypted string output : ' ||
decrypted_string);
if input_string = decrypted_string THEN
dbms_output.put_line('> String DES Encyption and Decryption successful');
END if; dbms_output.put_line(''); dbms_output.put_line('> ========= BEGIN TEST Hash =========');
encrypted_raw := dbms_crypto.Hash(
src => raw_input,
typ => DBMS_CRYPTO.HASH_SH1);
dbms_output.put_line('> Hash value of input string : ' ||
rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
dbms_output.put_line('> ========= BEGIN TEST Mac =========');
encrypted_raw := dbms_crypto.Mac(
src => raw_input,
typ => DBMS_CRYPTO.HMAC_MD5,
key => raw_key);
dbms_output.put_line('> Message Authentication Code : ' ||
rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)));
dbms_output.put_line(''); dbms_output.put_line('> End of DBMS_CRYPTO tests '); END; /
error:
dbms_output.put_line('> Input String : ' ||
ERROR at line 17:
ORA-06550: line 17, column 12:
PLS-00103: Encountered the symbol "." when expecting one of the following:
constant exception <an identifier>
<a double-quoted delimited-identifier> table LONG_ double ref
char time timestamp interval date binary national character
nchar
The symbol "<an identifier>" was substituted for "." to continue.
ORA-06550: line 19, column 12:
PLS-00103: Encountered the symbol "." when expecting one of the following:
constant exception <an identifier>
<a double-quoted delimited-identifier> table LONG_ double ref
char time timestamp interval date binary national chara
ORA-06550: line 20, column 15:
PLS-00103: Encountered the symbol "=" when expecting one of the following:
constant exception <an identifier>
<a double-quoted delimited-identifier> table LONG_ double ref
char time timestamp interval date binary national chara
ORA-06550: line 26, column 15:
PLS-00103: Encountered the symbol "." when expecting one of the following:
constant exception <an iden
Please help quickly.
Similar Messages
-
Failed to call DBMS_CRYPTO.ENCRYPT / DECRYPT
I tried to use Oracle 11gR2 DBMS_CRYPTO to perform AES256 encryption/decryption. From the Oracle Ref., it specifies "Security Model - Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed." So requested DBA to grant EXECUTE privilege for the SYS.DBMS_CRYPTO.
I successfully run the SQL "select DBMS_CRYPTO.RANDOMBYTES(64) from dual;", but when I tried to implement Package body. The compiler prompted errors: PLS-00201: identified 'DBMS_CRYPTO' must be declared.
Please kindly help and advise. Thanks!
Src code of the package body:
CREATE OR REPLACE PACKAGE BODY PKG_TOOLKIT AS
g_encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;
FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
l_key VARCHAR2(512);
l_text VARCHAR2(32767) := p_text;
l_encrypted RAW(32767);
BEGIN
getKey(l_key);
l_encrypted := DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(l_text, 'AL32UTF8'),
typ => g_encryption_type,
key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
RETURN l_encrypted;
END;
FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
l_key VARCHAR2(512);
l_decrypted VARCHAR2(32767);
BEGIN
getKey(l_key);
l_decrypted := DBMS_CRYPTO.DECRYPT(src => p_raw,
typ => g_encryption_type,
key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
RETURN RTrim(UTL_I18N.RAW_TO_CHAR(l_decrypted, 'AL32UTF8'));
END;
END PKG_TOOLKIT;
/From the Package DBMS_CRYPTO -> Grants, I found there is a privilege "EXECUTE" granted to grantee "ORADEV1". "ORADEV1" is the login ID I'm using to connect to Oracle. Can I tell whether the DBA is granting the privilege to this id or it's role thru Oracle Developer?
-
Key Lenght too short error with dbms_crypto.encrypt
Hi Friends,
I am getting above mentioned error with dbms_crypto.encrypt.
I had created a thread in technology --> security forum but i am not getting any help from there.
ORA-28234 Key Length too short with dbms_crypto.encrypt
Appreciate if anyone help me resolve this issue.
Thanks
ATHi Warren,
Yes function is compiled without any compilation error.
Thanks
AT -
Dbms_crypto encrypt date number datatype
I am using oracle 11g. I am very new to dbms_crypto. I went through documentation but have following doubts:
Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?
If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
Does the RAW size must be in multiple of 16?
How can I encrypt data of datatype date and number using dbms_crypto?
Thanks a lot for your time to clarify my quries?spur230 wrote:
Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?It's not mandatory, but it's certainly a good idea. If you store encrypted data in a VARCHAR2 column, that means that it is subject to character set conversion if it's moved from one database to another or sent from a database to a client machine. But if character set conversion happens, your encrypted data is corrupted.
If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
Does the RAW size must be in multiple of 16?It would be helpful to specify exactly what algorithm and parameters you intend to use because it may vary. If, for example, we encrypt using AES-256 with Cipher Block Chaining and PKCS#5 compliant padding (which happens to be the example in the DBMS_CRYPTO manual), the output RAW will always be a multiple of 16 and as large or larger than the input RAW.
A VARCHAR2(32) will either allocate 32 characters of storage or 32 bytes of storage depending on your NLS_LENGTH_SEMANTICS parameter. If you're using the default, it will allocate 32 bytes. But 32 bytes in the database character set may require more than 32 bytes of storage once you convert it to a UTF-8 encoded RAW (which, technically, also isn't required but is a good practice) and, thus, the encrypted string might require more than 32 bytes of storage. Your database character set and the actual data you store/ want to be able to store will influence how likely it is that you'll need a larger RAW than your VARCHAR2.
How can I encrypt data of datatype date and number using dbms_crypto?dbms_crypto only operates on RAW data. Just like you convert strings to RAW before encrypting them, you'd need to convert your dates and numbers to RAW. For numbers, you should be able to use UTL_RAW.CAST_FROM_NUMBER. I don't know of a method of casting dates to a RAW other than converting them to a known string representation and then encrypting that (and, of course, doing the reverse when you decrypt the string and convert it back to a date using that same format).
Justin -
Error when useing DBMS_CRYPTO package in reports 10g
hi all,
i wrote a package which use dbms_crypto, there are functions to crypto userid and decrypo userid.
in report 6i it work fine it cryptos and decrpts. when i use in reports 10g it gives this error.
-28817 ORA-28817: PL/SQL function returned an error.
ora-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 41
ora-06512: at "YBS.SIFRELE", line 26
the packege like this;
PACKAGE BODY SIFRELE
IS
function sicil_sifrele (p_sicil_no IN varchar2) RETURN varchar2
IS
p_key RAW(128);
p_sicil_raw RAW(128);
p_encrypted_raw RAW(128);
BEGIN
p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
p_sicil_raw := utl_raw.cast_to_raw(p_sicil_no);
p_encrypted_raw := dbms_crypto.encrypt(src => p_sicil_raw,
typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
return (utl_raw.cast_to_varchar2(p_encrypted_raw));
END;
FUNCTION sicil_coz ( p_encrypted_raw IN RAW) RETURN varchar2
IS
p_key RAW(128);
p_decrypted_raw RAW(128);
sicil_donen VARCHAR2(250);
BEGIN
p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
p_decrypted_raw := dbms_crypto.decrypt(src => p_encrypted_raw,
typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
sicil_donen := utl_raw.cast_to_varchar2(p_decrypted_raw);
return (sicil_donen);
END;
END;
thanks.
eserHello,
You should create a "wrapper function"
Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
(The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
Regards -
Using DBMS_CRYPTO package in reports
hi all,
i want to encrypt & decrypt user parameter in report.
to encrypt i use;
l_encrypted_raw := dbms_crypto.encrypt(src => my_parameter,
typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
to decrypt;
l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw,
typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
in sql developer these codes are running. i can encrypt & decrypt
but when i want to decrypt in reports it gives an error like this:
implementation restriction: 'DBMS_CRYPTO.DES_CBC_PKCS5': Cannot directly access remote package variable or cursor
how can i pass this?
thanks...Hello,
You should create a "wrapper function"
Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
(The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
Regards -
Error when using DBMS_CRYPTO package in reports 10g
hi all,
i wrote a package which use dbms_crypto, there are functions to crypto userid and decrypo userid.
the packege like this;
PACKAGE BODY SIFRELE
IS
function sicil_sifrele (p_sicil_no IN varchar2) RETURN varchar2
IS
p_key RAW(128);
p_sicil_raw RAW(128);
p_encrypted_raw RAW(128);
BEGIN
p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
p_sicil_raw := utl_raw.cast_to_raw(p_sicil_no);
p_encrypted_raw := dbms_crypto.encrypt(src => p_sicil_raw,
typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
return (utl_raw.cast_to_varchar2(p_encrypted_raw));
END;
FUNCTION sicil_coz ( p_encrypted_raw IN RAW) RETURN varchar2
IS
p_key RAW(128);
p_decrypted_raw RAW(128);
sicil_donen VARCHAR2(250);
BEGIN
p_key := utl_raw.cast_to_raw(to_char(sysdate,'mmyyyydd'));
p_decrypted_raw := dbms_crypto.decrypt(src => p_encrypted_raw,
typ => dbms_crypto.des_cbc_pkcs5, key => p_key);
sicil_donen := utl_raw.cast_to_varchar2(p_decrypted_raw);
return (sicil_donen);
END;
END;
in report 6i it work fine cryptos and decrpts. when i use in reports 10g it gives this error.
-28817 ORA-28817: PL/SQL function returned an error.
ora-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 41
ora-06512: at "YBS.SIFRELE", line 26
thanks...Hello,
You should create a "wrapper function"
Create a function in the database that will call dbms_crypto.encrypt / dbms_crypto.decrypt and call this function in Reports.
(The problem here seems to be the reference to dbms_crypto.des_cbc_pkcs5)
Regards -
How to encrypt column of some table with the single method ?
How to encrypt column of some table with the single method ?
How to encrypt column of some table with the single
method ?How to encrypt column of some table with the single
method ?
using dbms_crypto package
Assumption: TE is a user in oracle 10g
we have a table need encrypt a column, this column SYSDBA can not look at, it's credit card number.
tha table is
SQL> desc TE.temp_sales
Name Null? Type
CUST_CREDIT_ID NOT NULL NUMBER
CARD_TYPE VARCHAR2(10)
CARD_NUMBER NUMBER
EXPIRY_DATE DATE
CUST_ID NUMBER
1. grant execute on dbms_crypto to te;
2. Create a table with a encrypted columns
SQL> CREATE TABLE te.customer_credit_info(
2 cust_credit_id number
3 CONSTRAINT pk_te_cust_cred PRIMARY KEY
4 USING INDEX TABLESPACE indx
5 enable validate,
6 card_type varchar2(10)
7 constraint te_cust_cred_type_chk check ( upper(card_type) in ('DINERS','AMEX','VISA','MC') ),
8 card_number blob,
9 expiry_date date,
10 cust_id number
11 constraint fk_te_cust_credit_to_cust references te.customer(cust_id) deferrable
12 )
13 storage (initial 50k next 50k pctincrease 0 minextents 1 maxextents 50)
14 tablespace userdata_Lm;
Table created.
SQL> CREATE SEQUENCE te.customers_cred_info_id
2 START WITH 1
3 INCREMENT BY 1
4 NOCACHE
5 NOCYCLE;
Sequence created.
Note: Credit card number is blob data type. It will be encrypted.
3. Loading data encrypt the credit card number
truncate table TE.customer_credit_info;
DECLARE
input_string VARCHAR2(16) := '';
raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
key_string VARCHAR2(8) := 'AsDf!2#4';
raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
encrypted_raw RAW(2048);
encrypted_string VARCHAR2(2048);
BEGIN
for cred_record in (select upper(CREDIT_CARD) as CREDIT_CARD,
CREDIT_CARD_EXP_DATE,
to_char(CREDIT_CARD_NUMBER) as CREDIT_CARD_NUMBER,
CUST_ID
from TE.temp_sales) loop
dbms_output.put_line('type:' || cred_record.credit_card || 'exp_date:' || cred_record.CREDIT_CARD_EXP_DATE);
dbms_output.put_line('number:' || cred_record.CREDIT_CARD_NUMBER);
input_string := cred_record.CREDIT_CARD_NUMBER;
raw_input := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
dbms_output.put_line('> Input String: ' || CONVERT(UTL_RAW.CAST_TO_VARCHAR2(raw_input),'US7ASCII','AL32UTF8'));
encrypted_raw := dbms_crypto.Encrypt(
src => raw_input,
typ => DBMS_CRYPTO.DES_CBC_PKCS5,
key => raw_key);
encrypted_string := rawtohex(UTL_RAW.CAST_TO_RAW(encrypted_raw)) ;
dbms_output.put_line('> Encrypted hex value : ' || encrypted_string );
insert into TE.customer_credit_info values
(TE.customers_cred_info_id.nextval,
cred_record.credit_card,
encrypted_raw,
cred_record.CREDIT_CARD_EXP_DATE,
cred_record.CUST_ID);
end loop;
commit;
end;
4. Check credit card number script
DECLARE
input_string VARCHAR2(16) := '';
raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII'));
key_string VARCHAR2(8) := 'AsDf!2#4';
raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII'));
encrypted_raw RAW(2048);
encrypted_string VARCHAR2(2048);
decrypted_raw RAW(2048);
decrypted_string VARCHAR2(2048);
cursor cursor_cust_cred is select CUST_CREDIT_ID, CARD_TYPE, CARD_NUMBER, EXPIRY_DATE, CUST_ID
from TE.customer_credit_info order by CUST_CREDIT_ID;
v_id customer_credit_info.CUST_CREDIT_ID%type;
v_type customer_credit_info.CARD_TYPE%type;
v_EXPIRY_DATE customer_credit_info.EXPIRY_DATE%type;
v_CUST_ID customer_credit_info.CUST_ID%type;
BEGIN
dbms_output.put_line('ID Type Number Expiry_date cust_id');
dbms_output.put_line('-----------------------------------------------------');
open cursor_cust_cred;
loop
fetch cursor_cust_cred into v_id, v_type, encrypted_raw, v_expiry_date, v_cust_id;
exit when cursor_cust_cred%notfound;
decrypted_raw := dbms_crypto.Decrypt(
src => encrypted_raw,
typ => DBMS_CRYPTO.DES_CBC_PKCS5,
key => raw_key);
decrypted_string := CONVERT(UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw),'US7ASCII','AL32UTF8');
dbms_output.put_line(V_ID ||' ' ||
V_TYPE ||' ' ||
decrypted_string || ' ' ||
v_EXPIRY_DATE || ' ' ||
v_CUST_ID);
end loop;
close cursor_cust_cred;
commit;
end;
/ -
DBMS_CRYPTO package help needed :(
Hello all,
I want to use Oracle's DBMS_CRYPTO package for decrypting some data.
I have one sample program as follows which is not working....the error is shown below.
SQL> DECLARE
2 input_string VARCHAR2 (200) := 'Secret Message';
3 output_string VARCHAR2 (200);
4 encrypted_raw RAW (2000); -- stores encrypted binary text
5 decrypted_raw RAW (2000); -- stores decrypted binary text
6 num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
7 key_bytes_raw RAW (32); -- stores 256-bit encryption key
8 encryption_type PLS_INTEGER := -- total encryption type
9 DBMS_CRYPTO.ENCRYPT_AES256
10 + DBMS_CRYPTO.CHAIN_CBC
11 + DBMS_CRYPTO.PAD_PKCS5;
12 BEGIN
13 DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
14 key_bytes_raw := DBMS_CRYPTO.RANDOMBYTES (num_key_bytes);
15 encrypted_raw := DBMS_CRYPTO.ENCRYPT
16 (
17 src => UTL_I18N.STRING_TO_RAW (input_string, 'AL32UTF8'),
18 typ => encryption_type,
19 KEY => key_bytes_raw
20 );
21 decrypted_raw := DBMS_CRYPTO.DECRYPT
22 (
23 src => encrypted_raw,
24 typ => encryption_type,
25 KEY => key_bytes_raw
26 );
27 output_string := UTL_I18N.RAW_TO_CHAR (decrypted_raw, 'AL32UTF8');
28 DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || output_string);
29 END;
30 /
DBMS_CRYPTO.ENCRYPT_AES256
ERROR at line 9:
ORA-06550: line 9, column 2:
PLS-00201: identifier 'DBMS_CRYPTO' must be declared
ORA-06550: line 8, column 23:
PL/SQL: Item ignored
ORA-06550: line 14, column 21:
PLS-00201: identifier 'DBMS_CRYPTO' must be declared
ORA-06550: line 14, column 4:
PL/SQL: Statement ignored
ORA-06550: line 15, column 21:
PLS-00201: identifier 'DBMS_CRYPTO' must be declared
ORA-06550: line 15, column 4:
PL/SQL: Statement ignored
ORA-06550: line 21, column 18:
PLS-00201: identifier 'DBMS_CRYPTO' must be declared
ORA-06550: line 21, column 1:
PL/SQL: Statement ignored
Oracle version is
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production on linux server.
can anybody help me how to resolve this problem?
I mean isnt "DBMS_CRYPTO" Oracle's Standard package?
pls help.Really you should not be using SYSTEM account - you should create your own DBA / Development accounts and use those.
However, what you are missing is to connect as SYS/SYSDBA and...
GRANT EXECUTE ON dbms_crypto TO system; -
Dbms_crypto package for number and date data type
Hi,
I am using Oracle 10g 10.2.0.3 on Linux 64 bit
I am tryiing to use dbms_crypto package for the first time to encypt my tables column
Following are my table columns
NAME1 VARCHAR2(2000),
ID1 NUMBER,
SCORE number
This table is already populated
i want to encrypt Name1 and Score column. Following are the functions i have created for Encryption and decryption.
--For Encryption
create or replace function get_enc_val
p_in in varchar2,
p_key in raw
return raw is
l_enc_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_enc_val := dbms_crypto.encrypt
UTL_I18N.STRING_TO_RAW
(p_in, 'AL32UTF8'),
l_mod,
p_key
return l_enc_val;
end;
--For Decryption
create or replace function get_dec_val
p_in in raw,
p_key in raw
return varchar2
is
l_ret varchar2 (2000);
l_dec_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_dec_val := dbms_crypto.decrypt
p_in,
l_mod,
p_key
l_ret:= UTL_I18N.RAW_TO_CHAR
(l_dec_val, 'AL32UTF8');
return l_ret;
end;
Key: I have stored a key in other schema and calling it by using function get_key().
Following is my insert
INSERT INTO Score_table VALUES
(get_enc_val('John',get_key()),25,get_enc_val(79,get_key()))
it is giving me following error
ORA-00932:Inconsistent Datatypes:Expected number got binary.
I checked, it is an error due to Score field, which is of number type. So do i need to change type of Score field to varchar or is there any other way to encrypt number and date field.
If i need to change the type then what will happen to the data already in Table and how do i encrypt data already in table.Hi,
Is there any one who can tell me that, do i need to change my table column data type as the encrypted value will be character. -
Dbms_crypto - avoid error when using different key in lower environment
Hello Experts,
We are using Oracle 11.2.0.2. We are planning to implement dbms_crypto to encrypt few columns. We clone the data from production to lower environment ( DEV, QC).
For the lower environments, we do not want to get the sensitive data from production and do not plan to use same key. Rather than getting an error when using differnt key, is it possible to get a different resultset back.
In other words, we want the implementation to be same across environments but want to use a diffent key in lower environment and get different result (or garbage).
Any suggestions would be greatly appreciated.
While testing this logic, I am getting following error when using differnt key to decrypt. It works fine if I use same key.
Error at line 1
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 19
DECLARE
l_credit_card_no VARCHAR2(19) := '1234 5678 9012 3456';
l_ccn_raw RAW(128) := UTL_RAW.cast_to_raw(l_credit_card_no);
l_key RAW(128) := UTL_RAW.cast_to_raw('abcdefgh');
l2_key RAW(128) := UTL_RAW.cast_to_raw('12345678');
l_encrypted_raw RAW(2048);
l_decrypted_raw RAW(2048);
BEGIN
DBMS_OUTPUT.put_line('Original : ' || l_credit_card_no);
l_encrypted_raw := DBMS_CRYPTO.encrypt(src => l_ccn_raw,
typ => DBMS_CRYPTO.des_cbc_pkcs5,
key => l_key);
DBMS_OUTPUT.put_line('Encrypted : ' || RAWTOHEX(UTL_RAW.cast_to_raw(l_encrypted_raw)));
l_decrypted_raw := DBMS_CRYPTO.decrypt(src => l_encrypted_raw,
typ => DBMS_CRYPTO.des_cbc_pkcs5,
key => l2_key); --**Using different key to decrypt
DBMS_OUTPUT.put_line('Decrypted : ' || UTL_RAW.cast_to_varchar2(l_decrypted_raw));
END;Thank you.If I understand what you are trying to do ... and I may not ... it is not going to work.
SQL> DECLARE
2 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
3 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
4 l_key1 RAW(128) := utl_raw.cast_to_raw('abcdefgh');
5 l_key2 RAW(128) := utl_raw.cast_to_raw('zyxwvuts'); -- alternate key used to attempt a different decryption
6
7 l_encrypted_raw RAW(2048);
8 l_decrypted_raw RAW(2048);
9 BEGIN
10 dbms_output.put_line('Original : ' || l_credit_card_no);
11
12 l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key1);
13
14 dbms_output.put_line('Encrypted : ' || RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));
15
16 l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkc
s5, key => l_key1);
17
18 dbms_output.put_line('Key1 : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
19
20 l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkc
s5, key => l_key2);
21
22 dbms_output.put_line('Key2 : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
23 END;
24 /
Original : 1612-1791-1809-2605
Encrypted : 3534443342333642353141363846384237463732384636373943374630364234323243334539383042323135
Key1 : 1612-1791-1809-2605
DECLARE
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 20 -
Need some hints on using dbms_crypto
Hello,
I need some hints on using the dbms_crypto package to generate some password for the OID userpassword attribute. The passwordstring is stored in a format {CRYPT}dasdasdawdww, {SHA}jfsklefjskldjkdlkldf, {MD4}dfdsfgsdgdfewwe or {MD5}fsdfsdadsgdfg where the keyword in the curly brackets describes the encryption methods. I think CRYPT means DES, SHA means SHA-1.
The key for the DES encryption for UNIX password authentification is in the first 2 letters of the encrypted string. I wanna have an encryption function which encrypts the clear type passwords in the right format like this perl script:
#!/bin/perl
print crypt($ARGV[0],"HS");
#: crypt.pl Test123 # program fetch
HSF0Sx2zdrLoQ
Regards
HolgerHello,
meanwhile I made some investigations on the Problem
I tried this code:
DECLARE
input_string VARCHAR2 (200) := 'Test123';
output_string VARCHAR2 (200);
encrypted_raw RAW (2000); -- stores encrypted binary text
decrypted_raw RAW (2000); -- stores decrypted binary text
num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
key_bytes_raw RAW (32); -- stores 256-bit encryption key
encryption_type PLS_INTEGER := -- total encryption type
DBMS_CRYPTO.ENCRYPT_DES
+ DBMS_CRYPTO.CHAIN_CBC
+ DBMS_CRYPTO.PAD_PKCS5;
BEGIN
DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
key_bytes_raw := UTL_I18N.STRING_TO_RAW ( 'HS' );
encrypted_raw := DBMS_CRYPTO.ENCRYPT
src => UTL_I18N.STRING_TO_RAW (input_string, 'AL32UTF8'
typ => encryption_type,
key => key_bytes_raw
-- The encrypted value "encrypted_raw" can be used here
DBMS_OUTPUT.PUT_LINE ( 'Encrypted string: ' || encrypted_raw);
decrypted_raw := DBMS_CRYPTO.DECRYPT
src => encrypted_raw,
typ => encryption_type,
key => key_bytes_raw
DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || UTL_I18N.RAW_TO_CHAR (decr
ypted_raw, 'AL32UTF8'));
DBMS_OUTPUT.PUT_LINE ('Encrypted Char string: ' || UTL_I18N.RAW_TO_CHAR
(encrypted_raw, 'AL32UTF8'));
END;
/and got these error messages:
ERROR at line 1:
ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at line 15In the next try:
DECLARE
input_string VARCHAR2 (200) := 'Test123';
output_string VARCHAR2 (200);
encrypted_raw RAW (2000); -- stores encrypted binary text
decrypted_raw RAW (2000); -- stores decrypted binary text
num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
key_bytes_raw RAW (32); -- stores 256-bit encryption key
encryption_type PLS_INTEGER := -- total encryption type
DBMS_CRYPTO.ENCRYPT_DES
+ DBMS_CRYPTO.CHAIN_CBC
+ DBMS_CRYPTO.PAD_PKCS5;
BEGIN
DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);
key_bytes_raw := UTL_I18N.STRING_TO_RAW ( 'HS12345678901234' );
encrypted_raw := DBMS_CRYPTO.ENCRYPT
src => UTL_I18N.STRING_TO_RAW (input_string, 'AL32UTF8'
typ => encryption_type,
key => key_bytes_raw
-- The encrypted value "encrypted_raw" can be used here
DBMS_OUTPUT.PUT_LINE ( 'Encrypted string: ' || encrypted_raw);
decrypted_raw := DBMS_CRYPTO.DECRYPT
src => encrypted_raw,
typ => encryption_type,
key => key_bytes_raw
DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || UTL_I18N.RAW_TO_CHAR (decr
ypted_raw, 'AL32UTF8'));
DBMS_OUTPUT.PUT_LINE ('Encrypted Char string: ' || UTL_I18N.RAW_TO_CHAR
(encrypted_raw, 'AL32UTF8'));
END;
/I got some results which have nothing in common with the perl script:
Original string: Test123
Encrypted string: DE5668CD7762074C
Decrypted string: Test123
Encrypted Char string: ?h?bL
PL/SQL procedure successfully completed.Come to think of it I doubt if DBMS_CRYPTO is the right way to solve my problem. Any further hints?
Regards Holger -
Invoke wallet key for use with DBMS_CRYPTO package
Hello,
I intend to use DBMS_CRYPTO and use personal key that is already stored in a wallet (file). Which steps must i take to bring this key as a parameter to DBMS_CRYPTO.ENCRYPT for encypting BLOB. Al examples i found till now use only self created keys.
Many thanks to enyone who can help me with an advice.
ErnestSorry, but you're in the wrong forum (as this one is only for issues with the SQL Developer tool). You'll get more answers in the SQL And PL/SQL forum.
Have fun,
K. -
DBMS_CRYPTO.DECRYPT-Error in decryption.
Hi all,
i created encryption and decryption program using DBMS_CRYPTO package.as a whole both encryption and decryption working fine.but when i used the decrypt part alone using stored encrypted data(RAW DataType) it showing some internal error,kindly help me in this issue.i provided the details here,
* I encrypted a string using dbms_crypto.encrypt and stored that string in a column which i created as RAW datatype format.
*The program i used is ,
DECLARE
op VARCHAR2(500) ;
op_raw raw(2000);
ip raw(2000);
num_key_bytes NUMBER := 256/8; -- key length 256 bits (32 bytes)
key_bytes_raw RAW (32); -- stores 256-bit encryption key
encryption_type PLS_INTEGER := -- total encryption type
DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;
BEGIN
SELECT pass INTO ip FROM user_test WHERE user_id =309;
/*this pass is of format RAW,it storing the ouput of DBMS_CRYPTO.ENCRYPT */
/*above query fetches F130E5785F8DAE2D59972FB9B7B74BE4 as output */
/*word used for encryption is 'secret' */
key_bytes_raw := DBMS_CRYPTO.RANDOMBYTES (num_key_bytes);
DBMS_OUTPUT.PUT_LINE ('ip :' || ip);
op_raw := DBMS_CRYPTO.DECRYPT( src =>ip , typ => encryption_type, KEY => key_bytes_raw );
DBMS_OUTPUT.PUT_LINE ('op_raw :'||op_raw);
op:= UTL_I18N.RAW_TO_CHAR (op_raw , 'AL32UTF8');
DBMS_OUTPUT.PUT_LINE ('op :'||op);
END;
* The Error i getting is ,
Error report:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 41
ORA-06512: at line 14
28817. 00000 - "PL/SQL function returned an error."
*Cause: A PL/SQL function returned an error unexpectedly.
*Action: This is an internal error. Contact Oracle customer support.
kindly help me in this issue as soon as possible.
Thanks in advance,
Jeevanand.K
Edited by: Jeevanand K on Oct 26, 2010 2:08 AMHi,
there is a note on Metalink for this: "DBMS_CRYPTO.DECRYPT - ORA-28817 ORA-06512 at DBMS_CRYPTO_FFI", it has id 956603.1.
Herald ten Dam
http://htendam.wordpress.com -
AES Algorithm error when trying to encrypt using stored Java class.
Dear All,
We have a specific reuirement where in we cannot use DBMS_CRYPTO package to encrypt/decrypt data using AES Algorithm
So I am trying to use a stored Java class and I am getting "AES algorithm not available".
I am using Oracle 10gR2 standard edition.
Below is my code
1. Stored Java class
2. Stored function to access the above Java class.
3. Test anonymus PL/SQL to test above code.
Please help me finding the problem why I am getting "AES algorithm not available" error when I call stored Java class in Oracle.?
**** If I use "DES" algorithm, it works. Also the Java code works well if I execute it as normal Java class from Eclipse.
I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
The jre version in Oracle is 1.4.2.
I appreciate your help.
Thanks,
Priyanka
Step1: Stored java class to encrypt and decrypt data
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "EncryptUtil" AS
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class EncryptUtil
public static String encrypt(String inStr)
String outStr = "Test data 123";
try
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted =
cipher.doFinal(inStr.getBytes());
outStr =new String(encrypted);
catch (Exception e)
outStr = outStr + "exception thrown::" + e.getMessage();
e.printStackTrace();
return outStr;
Step2: Stored function to access above stored java class.
CREATE OR REPLACE FUNCTION SF_ENCRYPTUTIL(
pKey1 VARCHAR2
) RETURN VARCHAR2 AS
LANGUAGE JAVA NAME 'EncryptUtil.encrypt(java.lang.String ) return java.lang.String';
Step3: Test encryption and descryption
DECLARE
outstr VARCHAR2(2000);
BEGIN
DBMS_OUTPUT.PUT_LINE('outstr-->' || SF_ENCRYPTUTIL('12345'));
END;
Below code example using DBMS_CRYPTO. This works, but we do not want to use this.
declare
l_in_val varchar2(2000) := 'Test data 123';
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
l_enc raw (2000);
l_enc_key raw (2000);
l_dec raw (2000);
begin
l_enc := dbms_crypto.encrypt
UTL_I18N.STRING_TO_RAW (l_in_val, 'AL32UTF8'),
l_mod,
HEXTORAW('156ae12300ccfbeb48e43aa016febb36'),
HEXTORAW('001122230405060708090a0b0c0d0e0f')
dbms_output.put_line ('Encrypted='||l_enc);
end;
Edited by: user5092433 on Sep 10, 2009 12:26 AMI guess I'd be a bit curious about why you can't use a DBMS_CRYPTO solution that provides identical output. It seems odd to want to have a procedure running inside Oracle and then dictate that it has to be Java and not PL/SQL...
I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
The jre version in Oracle is 1.4.2.Which java.security file are you talking about? The JVM that is inside the Oracle database does not and can not use configuration files that are outside the database. I suspect when you talk about files and paths that you're looking at a JVM outside the database, which is not the JVM that your Java stored procedure would be using.
Looking at the error, my assumption is that some JAR file needs to be loaded into the internal JVM in order for the AES algorithm to be available. But I'm unfortunately not familiar enough with these classes to say what that would be.
Justin
Maybe you are looking for
-
Dear sap helpers, could you pls check & let me know if the Cost center and WBS elements can be displayed in SAP transaction FBL1N- "Vendor Line Item display". regards Venkat
-
I just purchased and down loaded Pages to my iMac. How do I get the Pages app over to my iPad?
-
What is the best advice for starting IT Manager ?
Let say, I m going to drop my tech job & moving in to IT Management stream. What is your best & first advice to follow once become an IT Manager ? This topic first appeared in the Spiceworks Community
-
I got no buttom for "warning message" under security tab. /Stefan
Hallo! I got no button for -warning message- under Security in Firefox 35.0.1
-
I have uninstalled the comcast toobar several times and then reinstalled it to no avail.