RC4 Encryption with DBMS_CRYPTO - 10.1..0.3 database

Similar Messages

• Hash/Encryption with DBMS_CRYPTO difficulties

  I'm working on a project to migrate several legacy PHP and Oracle F&R applications to APEX. The biggest challenge we face right now is a matter of authentication. I understand APEX has several different methods for authentication, and this question doesn't apply to that.... what we are doing is basically a custom authentication.
  Right now, we have a single password management system. A user accesses that system to manage/change their password and the system will distribute the password out to the Windows, *nix, and various applications across the business. For our existing applications we basically receive a file that contains <user>:<password_hash> and this file gets loaded into our database. The problem that I've run into is the hash we receive is based on the archaic UNIX crypt(1). With our PHP applications, this isn't a big deal since the PHP crypt function still supports it. Basically crypt(password, salt)=hash. Once a user is authenticated, everything else is handled by the applications and the security features that they use. No big deal there. According to the people that manage the password server, it can be modified to output a hash/encrypted password in any method available to OpenSSL.
  What I'm trying to do, is create a PL/SQL procedure where I can pass the user password and have the procedure do the hash or encryption, match the value, and the return true/false. This will allow the package to be used by PHP, APEX, and some other stuff. Oracle does not support, in any method that I have found, the UNIX crypt(1). Looking at dbms_crypto, dbms_obfuscation_toolkit, and dbms_sqlhash it looks like the crypto package is the one to use. Here is where I've run into problems. I have been unable to generate a hash (using MAC) for, or encrypt (preferably AES256), a password that matches anything that I have output via OpenSSL. I know it's just a matter of getting the flags/parameters to line up between the two, but I'm afraid I'm out of my league here.
  Has anyone successfully done anything like this before? How?
  Worst case scenario, I could create a Java package in the database that shells out to the command line and runs OpenSSL and returns a hash. That is far more complicated and messy, so I'd rather avoid that route if at all possible.

  Hi,
  here is a HMACSHA1 (on 12c sha256 ?):
  CREATE OR REPLACE FUNCTION get_hash_val (
     p_in_val IN   VARCHAR2,
     p_key IN   VARCHAR2,
     p_algorithm IN   VARCHAR2 := 'SH1'
     RETURN VARCHAR2
  IS
     l_mac_val RAW (4000);
     l_key RAW (4000);
     l_mac_algo PLS_INTEGER;
     l_in RAW (4000);
     l_ret VARCHAR2 (4000);
  BEGIN
     l_mac_algo :=
        CASE p_algorithm
           WHEN 'SH1'
              THEN DBMS_CRYPTO.hmac_sh1
           WHEN 'MD5'
              THEN DBMS_CRYPTO.hash_md5
        END;
     l_in     :=            utl_i18n.string_to_raw (p_in_val, 'AL32UTF8');
     l_key  :=           utl_i18n.string_to_raw (p_key, 'AL32UTF8');
     l_mac_val  :=  DBMS_CRYPTO.mac ( src => l_in,  typ => l_mac_algo,  key=>l_key );
     l_ret   := RAWTOHEX (l_mac_val);
     RETURN l_ret;
  END get_hash_val;
  SELECT get_hash_val (  ‘01234567890123456789012345678901234567890’ , '01234567890')
  from dual;
  GET_HASH_VAL('01234567890123456789012345678901234567890','01234567890')
    4476F5A1D44B2BFEE843F6A8EC7400DA8913D5F1
  You can verify it with::  http://jssha.sourceforge.net/ 
  Hope it helps.

• How to resolve bug RC4 encrypt-decrypt on iPAD with AIR15 only

  Hi everybody,
  I have some trouble with AIR15 only, In the past, I created a small game on iPad It could send or receive messge from server. I used lib as3crypto.swc encrypt or decrypt message (RC4). But when I upgrade to AIR15 encrypt-decrypt cannot work ( Another thing about this crash is that it only happens with a release (adhoc or appstore) build but NOT with a debug build). I check so many time but i don't know what is problem here.
  Please help me, thanks so much any advice.
  P/S: My game have many swf files (code and resource). I must combine multiple SWF files into one.
  Class RC4.as
  import com.hurlant.crypto.prng.ARC4;
  import com.hurlant.util.Base64;
  import com.hurlant.util.Hex;
  import flash.utils.ByteArray;
  public class RC4
    private static const key:String = "keytest";
    private static var byteKeys:ByteArray = Hex.toArray(Hex.fromString(key));
    private static var rc4:ARC4 = new ARC4();
    public static function encrypt(clearText:String):String
    var byteText:ByteArray = Hex.toArray(Hex.fromString(clearText));
    rc4.init(byteKeys);
    rc4.encrypt(byteText);
    return Base64.encodeByteArray(byteText);
  public static function decrypt(encryptedText:String):String
    var byteText:ByteArray = Base64.decodeToByteArray(encryptedText);
    rc4.init(byteKeys);
    rc4.decrypt(byteText);
    return Hex.toString(Hex.fromArray(byteText));

  Sorry, exact message is "this movie could not be played".
  There are hundreds of posts about this message but no one states a clear solution to the problem.
  Your help will be much appreciated.
  Thank you.

• Key Lenght too short error with dbms_crypto.encrypt

  Hi Friends,
  I am getting above mentioned error with dbms_crypto.encrypt.
  I had created a thread in technology --> security forum but i am not getting any help from there.
  ORA-28234 Key Length too short with dbms_crypto.encrypt
  Appreciate if anyone help me resolve this issue.
  Thanks
  AT

  Hi Warren,
  Yes function is compiled without any compilation error.
  Thanks
  AT

• How to find length of string after encryption using DBMS_CRYPTO package

  Hi,
  I am planning do data encryption using DBMS_CRYPTO package. I want to find how much will be string length after encryption.
  e.g When I try to encrypt string of length between 1-15 characters it gives me encrypted string of 32 characters. When I try with 16 charcters encrypted string is of 64 characters.
  Is ther any formula to calculate length of encrypted string?
  Thanks
  Pravin

  The length change is dependent upon the algorithm you are using which can be a combination of cipher block, padding, and chaining.
  The best solution is determine the method you are going to use and apply it to the l ongest possible strings you are going to proces, then add some safety margin. There iis no penalty for defining your column as VARCHAR2(4000).

• Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2

  Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2?
  Thanks,

  DES is disabled by default on 2008, could this DC be a Windows 2003?  If so then this would be the expected encyption.
  The following is the list of the encryption available for each Windows system
  Windows 2000,  XP,Windows Server 2003:     
  DES, RC4          
           Vista
  , Windows Server 2008:      DES, RC4,AES          
           Windows 7 and  Windows Server  2008 R2:     DES(disabled by default), RC4,AES
  From:
  http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• RC4 Encryption

  Hi,
  How do i use jce framework for RC4 encryption. I have tried with the below piece of code but it gives the following error at line cipher.init( Cipher.ENCRYPT_MODE, key )
  at javax.crypto.Cipher.a(DashoA12275)
  at javax.crypto.Cipher.a(DashoA12275)
  at javax.crypto.Cipher.a(DashoA12275)
  at javax.crypto.Cipher.init(DashoA12275)
  at javax.crypto.Cipher.init(DashoA12275)
  at Test_RC4.main(Test_RC4.java:23)
  Similar code worked perfectly for 'blowfish' algorithm. Please reply if anybody knows what needs to be done.
  import java.io.*;
  import java.security.*;
  import javax.crypto.*;
  public class  Test_RC4
       public static void main(String[] args)
      // Define the size of buffer that will be read at a time.
            int kBufferSize = 8192;
            try
            KeyGenerator generator = KeyGenerator.getInstance( "RC4" );
            generator.init(128);
            SecretKey key = generator.generateKey();
            ObjectOutputStream out = new ObjectOutputStream( new FileOutputStream( "SecretKey.ser" ) );
            out.writeObject(key);
            out.close();
          Cipher cipher = Cipher.getInstance( "RC4" );
          if ( args[0].indexOf( "e" ) != -1 )
              // Initialisation of cipher object for Encryption.
              cipher.init( Cipher.ENCRYPT_MODE, key );
          // If -d given on command line initialize the cipher object for Decrypt mode.
          else
              // Initialisation of cipher object for Decryption.
              cipher.init( Cipher.DECRYPT_MODE, key );
  // Input stream for the file to be encrypted or decrypted.
          FileInputStream   inputStream = new FileInputStream( args[1] );
          // Output stream for output the file storing encrypted or decrypted data.
          FileOutputStream outputStream = new FileOutputStream( args[2] );
          // CipherOutputStream takes care of writing the file in encrypted or decrypted mode
          // using cipher object according to the mode the cipher object is initialised to.
          CipherOutputStream cipherOutputStream = new CipherOutputStream( outputStream, cipher );
          byte[] buffer = new byte[kBufferSize];
          int length;
          while ( ( length = inputStream.read( buffer ) ) != -1 )
              cipherOutputStream.write(buffer, 0, length);
          // close all the streams.
          inputStream.close();
          cipherOutputStream.close();
          outputStream.close();
            catch (Exception ex)
                 ex.printStackTrace();
  }

  I found on page: http://www.bouncycastle.org/specifications.html
  This:
  Note: with JDK 1.4 and later you will need to have installed the unrestricted policy files to take full advantage of the provider. If you do not install the policy files you are likely to get something like the following:
  java.lang.SecurityException: Unsupported keysize or algorithm parameters
  at javax.crypto.Cipher.init(DashoA6275)
  After instal jce.jar is this problem missed.

• How to update "Encrypt with UserKey" after Windows User Profile replacement?

  A problem with my User Profile required that the files be backed up, the profile deleted, a new profile created and my files restored. I have several SSIS projects built in Visual Studio 2012 that use "EncryptSensitiveWithUserKey". I assume the
  "UserKey" is based on the SID or GUID of my User Profile. Now when I open these projects I get the Warning:
  Warning 2 Warning loading SSISProject.dtproj: Warning: Failed to decrypt sensitive data in project with a user key. You may not be the user who encrypted this project, or you are not using the same machine that was used to save the project. If the sensitive data is a parameter value, the value may be required to run the package on the Integration Services server. SSISProject.dtproj 0 0
  Is there a way to reset the UserKey in an existing project to the key for my new Profile? Is the value derived and used for encryption stored in the .dtproj file? If so can I copy that value from a new SSIS project into the .dtproj file for my old projects?
  There has to be some way to "transfer ownership" of an SSIS project.
   

  There has to be some way to transfer "ownership" of SSIS projects between developers. Forget about my specific case of my profile being recreated. Let's say I built this SSIS project and was required to use Encrypt with UserKey. I leave
  the company. They ask another developer to make changes to the project. My old "ownership" of the project should be somehow transferable to the new developer. It shouldn't be tied to my ID (which no longer exists at the company) in perpetuity. Microsoft
  has to have some way to transfer "ownership" of SSIS Projects with "Encrypt with UserKey". It's such a common use case I can't believe they wouldn't provide for it.
  No, there is no way . This option is the default and it is actually the worst option precisely because it is useless in team development environment. Use
  EncryptSensitiveWithPassword option just like Arthur suggested and you should be fine.
  SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

• Cryptsetup: Swap encryption with supend-to-disk doesn't work

  Hello Community,
  i'm trying to get swap encryption with suspend-to-disk support to a working state.
  On my system only the /home partition is encrypted with cryptsetup-LUKS.
  I'm using the howto on "Using a swap file" (with /home/swapfile as swap file) in the wiki: https://wiki.archlinux.org/index.php/Dm … sk_support
  I followed exactly the given instructions:
  From /etc/mkinitcpio.conf
  HOOKS="base udev autodetect encrypt block resume filesystems keymap fsck"
  From /etc/default/grub
  GRUB_CMDLINE_LINUX="pcie_aspm=force pcie_aspm.policy=powersave pcie_port=native ipv6.disable=1 init=/usr/lib/systemd/systemd resume=/dev/mapper/crypthome resume_offset=16721572"
  From /etc/fstab:
  /home/swapfile none swap defaults 0 0
  The swapfile is working. Suspend-to-disk also works. But when resuming, I always get:
  ERROR: failed to open encryption mapping
  The device UUID=... is not a LUKS volume and the crypto= parameter was not specified
  running hook [resume]
  Waiting 10 seconds for /dev/mapper/crypthome
  ERROR: resume: hibernation device /dev/mapper/crypthome not found
  Then the system recovers the filesystem of / and later after the passphrase input of /dev/mapper/home it is forced to recover the filesystem of /home.
  Shouldn't I get a passphrase input when running the [resume] hook?
  Where is the problem I have missed?
  Thanks in advance!
  Last edited by indianahorst (2014-01-23 17:39:31)

  ball wrote:It seems that you've specified your home partition for the resume parameter, that is wrong. It should be the swap partition: https://wiki.archlinux.org/index.php/Su … parameters
  No. Have you read my posting completely?
  I don't use a swap partition.  I'm using a Swapfile on my encrypted home partition. See the link in the first posting and go to "Using a swap file".

• Receiving bitlocker error in Event Viewer whenever i attach an external HD to my desktop (non are encrypted with bitlocker)

  Hello All,
  Seem to be having a problem recently.  Whenever I attach any external drive to my Desktop I receive the following error in Even Viewer.  I never encrypted any of the drives in question with bitlocker.
  Encrypted volume check: Volume information on \\?\Volume{7cc70383-5d6b-11e0-855c-001c25a5a540} cannot be read.
  Event ID: 24620
  And I cannot access my drive information.    At first i thought it may be an issue with one of the drives I have partially encrypted with TrueCrypt but I tried several other unencrypted drives and I receive the same error and I cannot access the
  data on my drives.
  I tried to access the Bit Locker Recovery tool program (downloaded the VISTA Version since there was no Windows 7 Version that I could find), but it did not allow me to install the recovery tool to attempt some kind of fixing.
  The strange thing is that I do not have Windows 7 Ultimate installed (which from what I understand is the only way to have Bitlocker).  I have windows 7 professional and I never encrypted my drives with bitlocker, 1 out of the 3 drives is partially
  encrypted with TrueCrypt, the other 2 are not encrypted with anything.
  The stranger thing is that I can plug the external drives to another laptop and I can access the data fine with no problem or errors.  I searched the forum for simliar problems, but did not see any responses with fixes to this issue.
  The only thing I can think of is that my Desktop downloaded and installed a bunch of Windows Updates within the last 4-5 days.
  heres is the update list
  http://farm6.static.flickr.com/5304/5890096650_431b0f3627_b.jpg
  Any assistance in attempting to figure this out would be appreciated.

  Hi,
  According to the error message, it should use
  BitLocker Repair Tool to fix it, refer:
  http://technet.microsoft.com/en-us/library/cc734057(WS.10).aspx
  What error message did you receive when you use BitLocker repair Tool?
  I notice one drive is encrypted with TrueCrypt, please use that program to unencrypt the drive for test.
  If it doesn’t work, since the issue didn’t appear before, you can try to perform a system restore to see the result.
  Hope that helps.
  Regards,
  Leo  
  Huang
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• How can I retrieve the password hint of an external drive encrypted with FileVault 2?

  Hi,
  I'm running on 10.7.3, I have an external HDD that is fully encrypted with FileVault 2.  When encrypting an external drive, FileVault 2 doesn't provide a recovery key, but it gives you the opportunity to give a hint at the time you enter the password.  My question is: how can I get this hint?
  I'm asking because I can't mount the drive anymore.  I keep getting prompted to enter the password, and although I believe I'm sure what the password is, it keeps getting refused.  The weird thing is that I have never been asked this password because the drive has always been automatically mounted after reboots, I guess because the password was in my Keychain.  I have no idea why it no longer auto-mounts and none of the passwords I tried worked.
  In Disk Utility, when I tried to "verify" the locked volume, Disk Utility logs an error in system.log with no other user visible action.  I filed a bug with Apple about this (#11286871) but I'm still waiting to hear back from them.  The error logged is:
  Apr 20 22:53:17 nowwhat Disk Utility[1508]: -[__NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: diskIdentifier)
  Apr 20 22:53:17 nowwhat Disk Utility[1508]: (
                      0   CoreFoundation                      0x00007fff915bffc6 __exceptionPreprocess + 198
                      1   libobjc.A.dylib                     0x00007fff87a37d5e objc_exception_throw + 43
                      2   CoreFoundation                      0x00007fff915bfdfa +[NSException raise:format:arguments:] + 106
                      3   CoreFoundation                      0x00007fff915bfd84 +[NSException raise:format:] + 116
                      4   CoreFoundation                      0x00007fff9157cf3b -[__NSCFDictionary setObject:forKey:] + 219
                      5   DFA                                 0x000000010a1aa1b8 DFA + 25016
                      6   DFA                                 0x000000010a1ad701 DFA + 38657
                      7   DFA                                 0x000000010a1a61de DFA + 8670
                      8   CoreFoundation                      0x00007fff915af75d -[NSObject performSelector:withObject:] + 61
                      9   AppKit                              0x00007fff8e507cb2 -[NSApplication sendAction:to:from:] + 139
                      10  AppKit                              0x00007fff8e507be6 -[NSControl sendAction:to:] + 88
                      11  AppKit                              0x00007fff8e507b11 -[NSCell _sendActionFrom:] + 137
                      12  AppKit                              0x00007fff8e506fd4 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2014
                      13  AppKit                              0x00007fff8e586d04 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 489
                      14  AppKit                              0x00007fff8e505bde -[NSControl mouseDown:] + 786
                      15  AppKit                              0x00007fff8e4d06e0 -[NSWindow sendEvent:] + 6306
                      16  AppKit                              0x00007fff8e46916d -[NSApplication sendEvent:] + 5593
                      17  AppKit                              0x00007fff8e3ff1f2 -[NSApplication run] + 555
                      18  AppKit                              0x00007fff8e67db88 NSApplicationMain + 867
                      19  Disk Utility                        0x0000000104c4e475 Disk Utility + 9333
                      20  Disk Utility                        0x0000000104c4e270 Disk Utility + 8816

  Even if you succeed with the difficult instructions to do this, if you are running Mavericks (10.9.x) on your Mac, count on it to start over with a whole new backup of your Mac, so you will have two separate backup files for the Mac on the Time Capsule.
  Realistically, few of us ever need to go back months or years to retrieve a file from Time Machine. My recommendation would be to keep the external hard drive around for a few months until you have a good backup history established for the Mac....and then delete the backups from the drive and use it as a spare hard drive.

• I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

  I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

  Sorry no, if you don't knnow the encrypted password, then you can't use that backjup.

• Does Adobe Reader for iOS and Android Support Encryption with PKI Solution?

  Hello there,
  I have been searching for an answer whether or not Adobe Reader for iOS and Android can read encrypted PDF files by public key infrastructure solution (encrypted by a public key, to be decrypted by its private key pair), but to date I have not found the answer.  From the Adobe web site, I understand that Adobe Reader for Android supports to read encrypted document by AES256 but it does not mention about PKI.  I had to guess that it does not support encryption with PKI but I would just like to get a formal answer, and would like to know whether Adobe Reader Mobile will support it. 
  Thanks!
  Masaya

  Hi there,
  Now we have Acrobat DC Mobile but I am still wondering if encryption/description using PKI solution (digital certificates) is supported.  Could anyone let me know?  Thank you.
  Masaya

• Encrypt with password- Help

  I created a pdf, used Advanced/Security/Encrypt with Password.  I did not provide a password..  Acrobat must have.  How do I find or fix?What did acrobat use to create the password?  I was expecting a prompt.  Next thing I know its protected with an unknown pw?  Help.
  Thanks
  It is looking for a 'permissions password'.  I did not provide one.  My bad here it seems.

  It's impossible not to enter a password when applying protection using that menu item. Acrobat wouldn't make one up and will not accept a blank entry on the dialog box.
  Are you sure you didn't apply a previously-created Security Policy, in which you chose to store the password inside the policy?

• After encrypting with filevault 2 on mountain lion, safari is extremely slow

  after encrypting with filevault2 on mountain lion, safari is running extremely slow.
  it's taking more than 45 seconds (sometimes a full minute) to load pages.
  my internet speeds are 35 mbps download and 6.35 mpbs upload, so it's not my internet connection.
  i have deleted the cache files and the system preferences.
  i'm finding that chrome is faster, but i'm seeing slowness there too.
  in encrypted using filevault 2.0 yesterday, all software is up to date.
  can anyone please help me with this?  i don't want to have to turn off filevault.
  thanks!

  Problems such as yours are sometimes caused by files that should belong to you but are locked or have a wrong owner. This procedure will check for such files. It makes no changes and therefore will not, in itself, solve your problem.
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.
  Triple-click anywhere in the line below to select it, then drag or copy it — do not type — into the Terminal window:
  find . $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID \) -ls
  Press return. The command may take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear.
  Post any lines of output that appear below what you entered — the text, please, not a screenshot.
  If any personal information appears in the output, edit before posting, but don’t remove the context.