Encrypting data in database

Similar Messages

• How to insert encrypted data by using blowfish into mysql database

  Hi
  I have encrypted data using blowfish algorithm . And i tried to insert that encrypted data into mysql. it was stored but i dont know that it stores in the same encrypted formate
  When i am trying to get the encrypted data from the mysql database and decrypting that data i am getting errors.
  Exception are like
  input length should be multiple of 8 bits
  or Given block are not properly padded
  and when i am displaying the data using system.out.println ();
  the string is not similar to the string which is in database.
  what is the problem how can i solve my problem
  thank you

  It sounds like your column is a VARCHAR so you need to Base64 or Hex encode the cipertext bytes before putting them in the database.

• ** How to encrypt data when saving it in DB directly?

  Hi All,
  I want a method to encrypt data in the database when saving it directly
  that is when any one enabled to see the data he will see it encrypted!

  Hi..
  What is the oracle database version???
  As you want the users to see the encypted data, the best option is use DBMS_CRYPTO to encrypt the data.
  [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm]
  [http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php]
  HTH
  Anand
  Edited by: Anand... on Oct 19, 2009 2:11 PM

• What are the third party tools available for Encryption in Oracle database?

  Dear All,
  Can you please help me with the below question?
  What are the third party tools available for Encryption in Oracle database? Please let me know if you know their feedback and also licensing/cost information

  Why would you spend money to purchase a third-party tool that will be, almost by definition, less secure than the tools inside the product you already own and paid for?
  http://www.morganslibrary.org/reference/pkgs/dbms_crypto.html
  But were I to have any to recommend one I would not do so without knowing information you seem to consider unimportant such as:
  1. Operating system
  2. Database edition and version
  3. What type of data needs to be secured
  4. What level of security is required

• Export and Import encrypted data

  Hi,
  I have a database table with encryped data (encrypted using DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt). I am having an issue when I export this table and import it into a new schema. The encrypted data seems to have changed after import. I am unable to decrypt it from the new schema.
  Below is the character set details from export/import.
  "Export done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set. Server uses WE8ISO8859P1 character set (possible charset conversion)."
  "Import done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set."
  Has anybody had this issue before? Does it have anything to do with the character set? If so, how do I fix it?
  Thank you!

  Hello,
  since this question is about using the export utility, you might better ask this in {forum:id=61} or {forum:id=732}.
  Regards
  Marcus

• Oracle Replication - Encrypted Data and Oracle Data Guard

  We are working on a high availability architecture for one of our new projects. The preliminary architecture has Oracle 10g Release 2(10.2.0.2) production database (primary database) running on Solaris10 server for OLTP operations. And a production replicated database (standby database) is running on another node running on Solaris10 server for reporting, ETL data extractions etc. The plan is to implement Oracle data guard (DG) to replicate data between primary database and standby database (logical standby database). As a side note, there is going to be one to two minute time log for data synchronization between primary and standby databases.
  We need to encrypt sensitive data (like SSN, Credit Card No. etc) in the primary production database. Initially we thought this can be achieved by using Oracle Transparent Data Encryption (TDE), this is a new encryption method Oracle came up with their 10g version. But the issue here is Oracle TDE doesn’t support setting up the logical standby database (using Oracle data Guard) for reporting on the second node. I have confirmed with Oracle on this, so we are kind of stuck in the middle on this new requirement. So our next option is to look out for any third party vendors who can resolve this puzzle, and looking for your help for any suggestions.
  · Do you know any vendor who can support both data encryption and data replication for Oracle databases?
  · Do you know any vendor who can support just data encryption for Oracle databases?
  (I am thinking if we can find a vendor, we would like to ask them if they have any technical issues working with Oracle data guard for data replication and use some kind of technique to decrypt the data on the standby/reporting database.)

  You can always use the DBMS_CRYPTO or DBMS_OBFUSCATION_TOOLKIT to encrypt the data rather than using TDE. You may have to do some work on the key management side, though, but it shouldn't be too painful.
  Justin

• Send encrypted data from oracle 11g to Ms SQL Server 12

  Hi every body,
  we want to send encrypted data from oracle 11g to Ms SQL Server 12:
  - data are encrypted to oracle
  - data should be sent encrypted to Ms SQL server
  - data will be decrypted in Ms SQL server by sensitive users.
  How can we do this senario, any one has contact simlare senario?
  can we use asymetric encription to do this senario?
  Please Help!!
  Thanks in advance.

  Hi,
    What you want to do about copying data from Oracle to SQL*Server using insert will work with the 12c gateway.  There was a problem trying to do this using the 11.2 gateway but it should be fixed with the 12c gateway.
  If 'insert' doesn't work then you can use the SQLPLUS 'copy' command, for example -
  SQL> COPY FROM SCOTT/TIGER@ORACLEDB -
  INSERT SCOTT.EMP@MSQL -
  USING SELECT * FROM EMP
  There is further information in this note available on My Oracle Support -
  Copying Data Between an Oracle Database and Non-Oracle Foreign Data Stores or Databases Using Gateways (Doc ID 171790.1)
  However, if the data is encrypted already in the Oracle database then it will be sent in the encrypted format. The gateway cannot decrypt the data before it is sent to SQL*Server.
  There is no specific documentation about the gateways and TDE.  TDE encrypts the data as it is in the Oracle database but I doubt that SQL*Server will be able to de-encrypt the Oracle data if it is passed in encrypted format and as far as I know it is not designed to be used for non-Oracle databases.
  The Gateway encrypts data as it is sent across the network for security but doesn't encrypt the data at source in the same way as TDE does.
  Regards,
  Mike

• Dbms_crypto encrypt date number datatype

  I am using oracle 11g. I am very new to dbms_crypto. I went through documentation but have following doubts:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?
  How can I encrypt data of datatype date and number using dbms_crypto?
  Thanks a lot for your time to clarify my quries?

  spur230 wrote:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?It's not mandatory, but it's certainly a good idea. If you store encrypted data in a VARCHAR2 column, that means that it is subject to character set conversion if it's moved from one database to another or sent from a database to a client machine. But if character set conversion happens, your encrypted data is corrupted.
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?It would be helpful to specify exactly what algorithm and parameters you intend to use because it may vary. If, for example, we encrypt using AES-256 with Cipher Block Chaining and PKCS#5 compliant padding (which happens to be the example in the DBMS_CRYPTO manual), the output RAW will always be a multiple of 16 and as large or larger than the input RAW.
  A VARCHAR2(32) will either allocate 32 characters of storage or 32 bytes of storage depending on your NLS_LENGTH_SEMANTICS parameter. If you're using the default, it will allocate 32 bytes. But 32 bytes in the database character set may require more than 32 bytes of storage once you convert it to a UTF-8 encoded RAW (which, technically, also isn't required but is a good practice) and, thus, the encrypted string might require more than 32 bytes of storage. Your database character set and the actual data you store/ want to be able to store will influence how likely it is that you'll need a larger RAW than your VARCHAR2.
  How can I encrypt data of datatype date and number using dbms_crypto?dbms_crypto only operates on RAW data. Just like you convert strings to RAW before encrypting them, you'd need to convert your dates and numbers to RAW. For numbers, you should be able to use UTL_RAW.CAST_FROM_NUMBER. I don't know of a method of casting dates to a RAW other than converting them to a known string representation and then encrypting that (and, of course, doing the reverse when you decrypt the string and convert it back to a date using that same format).
  Justin

• Fetch encrypted data to Items

  Hello Everyone,
  I insert data in form page. And, process encrypts these data to database.
  I can see data in İntreactive Report. But, when I clicked 'update' buton in intreactive report for a row, data is directed to form page's items as encrypted.
  How can i decrypte data on form page for updating?
  I think, I want to fetch row from table process.
  Any suggestion thanks
  Edited by: ksql on 09.Mar.2011 23:07

  suppose you have a table named my_table
    id    NUMBER
    col1 VARCHAr2
    col2 VARCHAr2
    col3 VARCHAr2And you have functions named decrypt and encrypt that is used for encryption-decryption
  <li>create a view named my_view
  create view my_view as select id,decrypt(col1) col1,decrypt(col2) col2,decrypt(col3) col3 from my_tableYour current tabular form's SQL query would be based on my_table,
  for example
  select id,col1,col2,col3 from my_tablechange that to reference the view
  select id,col1,col2,col3 from my_viewYou would have to change the table reference in the MRU/MRI processes so that it uses the view name as the database table. With this apex would(try) and insert/update the records from the view.
  Since a view does not have these operations , you would have to handle the insert/update processes by writing a trigger that handles such cases , which is done using an "instead of" trigger on the view(documentation).
  CREATE OR REPLACE TRIGGER my_view_insert
  INSTEAD OF UPDATE ON my_view
  FOR EACH ROW
  BEGIN
    UPDATE my_table
    SET col1 = encrypt(:NEW.col1)
         ,col2 = encrypt(:NEW.col2)
         ,col3 = encrypt(:NEW.col3)
    WHERE id= :NEW.id;
  END;Hope that was clear enough.

• Encrypting data in transit

  Hi Gurus,
  Oracle 11203
  RHEL 6
  I'm in the process of setting up network encryption for the client .The JAVA application(jboss) uses thin client and i have the below parameters setup in the sqlnet.ora on the db server.I don't really have to setup the relevant parameters on the client side ( i have many clients)since i'm controlling the encryption from the database ,correct?
  What encryption algorithm should i be using to have little impact with adequate security?and how to make sure that communication should not fail with any of the clients .
  SQLNET.ENCRYPTION_SERVER=REQUIRED
  SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES128,RC4_256)
  SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED
  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,MD5)
  SQLNET.CRYPTO_SEED="vbnmjhyuiotrewsdfghlklnbvdsyuj"
  Regards

  1. As far as I know to be able to use DB client's encryption it is necessary to have advanced security licence. But this needs additional clarification.
  2. Definitions you specified above are not enough. Just check listener.log in diag/tnslsnr/<dbname>/listener/trace for protocols used for connections.
  They will be like:
  Sat Sep 20 21:47:44 2014
  Dynamic address is already listened on (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=1521)))
  3. You may check port security status with:
  nmap -sV --script ssl-enum-ciphers -p 1521 <DB hostname or IP>
  4. Check your listener:
  lsnrctl status
  Mostly you will have like:
  LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 27-SEP-2014 09:41:16
  Copyright (c) 1991, 2011, Oracle.  All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=1521)))
  STATUS of the LISTENER
  Alias                    LISTENER
  Version                  TNSLSNR for Linux: Version 11.2.0.3.0 - Production
  Start Date                27-SEP-2014 09:40:38
  Uptime                    0 days 0 hr. 0 min. 37 sec
  Trace Level              off
  Security                  ON: Local OS Authentication
  SNMP                      OFF
  Listener Parameter File  /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
  Listener Log File        /u01/app/oracle/diag/tnslsnr/<dbname>/listener/alert/log.xml
  Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=1521)))
  Services Summary...
  Service "<sericename>" has 1 instance(s).
    Instance "<instancename>", status READY, has 1 handler(s) for this service...
  Service "<servicename>XDB" has 1 instance(s).
    Instance "<instancename>", status READY, has 1 handler(s) for this service...
  The command completed successfully
  5. You may get supported ciphers suits with
  adapters $ORACLE_HOME/bin/oracle

• Move Data Between Databases

  Dear All,
  I have 2 databases one of them in Egypt and the other in USA.
  I want to transfer data of one schema between the 2 databases.
  I currently use export and import utility to do this action but the size of data is very large so I want an automatic way to do this action.
  what can I use to solve this problem?
  can I use advanced replication or dataguard or what.
  if I use advanced replication data will be transferred through a database link over the internet which will be a very slow operation.
  what can I do,please help.

  Hello Airtifa,
  The main reasons to use a VPN would be
  a) dedicated connection, so more reliable
  b) no or little need to encrypt data, as data doesn't travel across the public Internet
  It should have a positive effect on performance, though you may be suffering from high latency in the network.
  What I'm trying to say is:
  there is not much to tune in a sqlnet connection of whatever type (database links are just ordinary connections), apart from the Session Data Unit, which should be a multiple of the MTU of the network card (so the card doesn't have to fragment packets).
  You are really at the mercy of the (bandwith of the) connection.
  If the connection is slow, the link will be slow.
  If the connection is fast, the link shouldn't pose extra problems.
  Database links aren't slow. Networks can be.
  Also not using the array interface in an efficient way can be a killer.
  Sybrand Bakker
  Senior Oracle DBA

• Encryption from the database to the application

  I'm new to this kind of programming. I'm doing a VB.net application with a SQL database in a server. I did cell level encryption but I have one concern. When I execute the stored procedure from the application the information from the database will be decrypted
  and will be traveling from the server to the client insecurely I think. If that's the case what can I do. I have not found anything on how to deal with this. The reason I need to do this is HIPAA compliance. 

  That would be a matter of securing the connection between the client and the server.  Or you pass the encrypted data to the client and allow it to perform the decryption.
  Securing the connection would be a topic for a SQL forum, but you should also be able to find general information online, such as:
  https://msdn.microsoft.com/en-us/library/bb879935(v=sql.110).aspx
  Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

• How to make encrypted data more secure?

  Hi All,
  We are using Oracle 9i database. We have a task to encrypt some of data before storing into database. We have developed a function to encrypt the data using Dbms_Obfuscation toolkit. But, the user who has access to that function source code can easily decrypt the data. Now we need to have the solution so that we can securely save/store Encryption Key, which can be accessed by Application User only.
  One alternative we are thinking is creating a table in SYS user and storing the value there. We can grant SELECT privileges to Application User Only.
  We are looking for other alternatives if we have any. Do you have any idea?
  Thanks in Advance.
  Thanks and Best Regards,
  Dharmesh Patel
  Database Server:
  Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.1.0 - Production
  ******************************************************/

  I had a look at this conundrum a while back, when we wanted to store credit card details in a database. Basically, there are two choices:
  (1) Don't store the key in the database and make the users type it in whenever they want to see encrypted data; or
  (2) Store the key in the database and accept the risk that it might be abused by privileged users (i.e. DBAs).
  As many users have difficulty remembering their password when it's MOM123 I think it's unlikely they will be able to cope with a properly secure PKI string.
  You can mitigate the risks inherent in option 2 by having very strong auditing of the function's execution, but I'm sure knowledgeable, black-hatted DBAs will be able to find workarounds.
  But, if you can't trust your DBAs you're probably stuffed anyway.
  Cheers, APC

• Encrypt data x-fer via DB links?

  1. Is it possible to encrypt the data transferred between two 8i databases via a database link?
  2. Can this be done WITHOUT Advanced Security Option? How?
  3. If ASO is required, can data xfer encryption be limited to a subset of all clients?

  You can encrypt data over a database link, but you need to use ASO to do so.
  I'm not sure what exactly you mean by a subset of all clients. Since ASO needs to be configured both on the client and on the server, you could certainly configure ASO on some clients and not on others. If you're asking to encrypt a subset of data going over a database link based on the original client, I'd need a bit more information about what you're trying to accomplish.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• HT201250 How to encrypt data on time machine?

  I have already backed up my mac using time machine. How do I go back and uncheck the option encrypt data, so I can see the flies on windows computer too?

  Zac. wrote:
  What I have found is that the TM backup database is only accessible to the machine that created it. The individual accounts in the TM backup, assuming you have more than one account backed up, is only accessible to that individual account. While it is not Filevault level security, unless your home folder is filevault protected, you should be okay.
  HTH
  zac
  When I disconnect the external drive with the Time Machine backup from my MacBook and connect it to my iMac at work, I can browse the TM folder and access just about any file for any user account that is backed up. Am I really the only one where the backup is not protected?