Professional Documents
Culture Documents
ORACLE-BASE - Data Encryption - DBMS - OBFUSCATION - TOOLKIT
ORACLE-BASE - Data Encryption - DBMS - OBFUSCATION - TOOLKIT
ORACLE-BASE - Data Encryption - DBMS - OBFUSCATION - TOOLKIT
Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps |
Linux
Home »
Articles » 3 Tw eet 5
8i » Here Search
Data Encryption -
DBMS_OBFUSCATION_TOOLKIT
The DBMS_OBFUSCATION_TOOLKITpackage provides a simple
API for data encryption. Oracle8i only provides DES encryption
whilst Oracle9i also includes DES3 encryption. In this article I'll
create a simple package containing functions to DES encrypt
and decrypt test strings.
Related articles.
First we create the package header containing the two conversion functions.
END toolkit;
/
All VARCHAR2 inputs are padded to multiples of 8 charaters, with the encryption key also being a multiple of 8 charaters.
The encryption key and padding characters can be altered to suit.
-- --------------------------------------------------
FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
-- --------------------------------------------------
http://www.oracle-base.com/articles/8i/data-encryption.php 1/4
5/6/2014 ORACLE-BASE - Data Encryption - DBMS_OBFUSCATION_TOOLKIT
l_text VARCHAR2(32767) := p_text;
l_encrypted RAW(32767);
BEGIN
padstring(l_text);
DBMS_OBFUSCATION_TOOLKIT.desencrypt(input => UTL_RAW.cast_to_raw(l_text),
key => g_key,
encrypted_data => l_encrypted);
RETURN l_encrypted;
END;
-- --------------------------------------------------
-- --------------------------------------------------
FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
-- --------------------------------------------------
l_decrypted VARCHAR2(32767);
BEGIN
DBMS_OBFUSCATION_TOOLKIT.desdecrypt(input => p_raw,
key => g_key,
decrypted_data => l_decrypted);
-- --------------------------------------------------
PROCEDURE padstring (p_text IN OUT VARCHAR2) IS
-- --------------------------------------------------
l_units NUMBER;
BEGIN
IF LENGTH(p_text) MOD 8 > 0 THEN
l_units := TRUNC(LENGTH(p_text)/8) + 1;
p_text := RPAD(p_text, l_units * 8, g_pad_chr);
END IF;
END;
-- --------------------------------------------------
END toolkit;
/
Test It
We can test the basic functionality using the following code.
DECLARE
l_value VARCHAR2(16) := 'ORACLE-BASE';
l_raw RAW(16);
BEGIN
DBMS_OUTPUT.put_line('l_value: ' || l_value);
l_raw := toolkit.encrypt(l_value);
DBMS_OUTPUT.put_line('l_raw: ' || l_raw);
DBMS_OUTPUT.put_line('Original Value : ' || toolkit.decrypt(l_raw));
END;
/
Remember that the length of the output from the encryption routine will be rounded up to the next multiple of 8 characters.
If the results are to be stored as RAW datatypes in the database you must make sure enough room is allocated. SQL*Plus
displays the contents of RAW variable in HEX so it appears to be twice as long as it actually is.
http://www.oracle-base.com/articles/8i/data-encryption.php 2/4
5/6/2014 ORACLE-BASE - Data Encryption - DBMS_OBFUSCATION_TOOLKIT
username VARCHAR2(20),
data RAW(16)
);
Next we test the trigger using some simple insert, update and query statements.
1 row created.
USERNAME DATA
-------------------- ----------------------------------------
tim_hall FA57C55510D258C73DE93059E3DC49EC
1 row selected.
USERNAME DATA
-------------------- ----------------------------------------
tim_hall My Secret Data
1 row selected.
1 row updated.
USERNAME DATA
-------------------- ----------------------------------------
tim_hall My NEW Secret
1 row selected.
SQL>
With the exception of the calls to the UTL_RAWpackage, this method hides most of the work from the developer.
DBMS_OBFUSCATION_TOOLKIT
Database Security Enhancements in Oracle Database 10g - DBMS_CRYPTO
Transparent Data Encryption (TDE) in Oracle 10g Database Release 2
SecureFiles in Oracle 11g Database Release 1 - LOB Encryption
Tablespace Encryption in Oracle 11g Database Release 1
http://www.oracle-base.com/articles/8i/data-encryption.php 3/4
5/6/2014 ORACLE-BASE - Data Encryption - DBMS_OBFUSCATION_TOOLKIT
3 Tweet 5
http://www.oracle-base.com/articles/8i/data-encryption.php 4/4