CODE
Oracle Code Library
JOBS
Find Or Post Oracle Jobs
FORUM
Oracle Discussion & Chat
PSOUG Home Code Snippets Oracle Reference Oracle Functions PSOUG Forum Oracle Blogs Bookmark and Share
 
 Search the Reference Library pages:  

Free
Oracle Magazine
Subscriptions
and Oracle White Papers

Oracle DBMS_CRYPTO
Version 11.1
 
General Information
Source {ORACLE_HOME}/rdbms/admin/dbmsobtk.sql
First Available 10.1

Algorithm Constants
Name Data Type Value
Hash Functions
HASH_MD4 (128 bit hash) PLS_INTEGER 1
HASH_MD5 (128 bit hash) PLS_INTEGER 2
HASH_SH1 (160 bit hash) PLS_INTEGER 3
MAC Functions
HMAC_MD5 (128 bit hash) PLS_INTEGER 1
HMAC_SH1 (160 bit hash) PLS_INTEGER 2
Block Cipher Algorithms
ENCRYPT_DES (56 bit) PLS_INTEGER 1; -- 0x0001
ENCRYPT_3DES_2KEY (128 bit) PLS_INTEGER 2; -- 0x0002
ENCRYPT_3DES PLS_INTEGER 3; -- 0x0003
ENCRYPT_AES PLS_INTEGER 4; -- 0x0004
ENCRYPT_PBE_MD5DES PLS_INTEGER 5; -- 0x0005
ENCRYPT_AES128 (128 bit) PLS_INTEGER 6; -- 0x0006
ENCRYPT_AES192 (192 bit) PLS_INTEGER 7; -- 0x0007
ENCRYPT_AES256 (256 bit) PLS_INTEGER 8; -- 0x0008
ENCRYPT_RC4 (Stream Cipher) PLS_INTEGER 129; -- 0x0081
Block Cipher Chaining Modifiers
CHAIN_CBC (Cipher Block Chaining) PLS_INTEGER 256; -- 0x0100
CHAIN_CFB (Cipher Feedback) PLS_INTEGER 512; -- 0x0200
CHAIN_ECB (Electronic cookbook) PLS_INTEGER 768; -- 0x0300
CHAIN_OFB (Output Feedback) PLS_INTEGER 1024; -- 0x0400
Block Cipher Padding Modifiers
PAD_PKCS5 (Complies with PKCS #5) PLS_INTEGER 4096; -- 0x1000
PAD_NONE (No padding) PLS_INTEGER 8192; -- 0x2000
PAD_ZERO (Pad with zeros) PLS_INTEGER 12288; -- 0x3000
PAD_ORCL PLS_INTEGER 16384; -- 0x4000
Block Ciphers Suites
DES3_CBC_PKCS5 PLS_INTEGER ENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5;
DES3_CBC_PKCS5 PLS_INTEGER ENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5;
AES_CBC_PKCS5 PLS_INTEGER ENCRYPT_AES
+ CHAIN_CBC
+ PAD_PKCS5;
Dependencies
DBMS_CRYPTO_FFI DECRYPTBYTES ENCRYPTBYTES
DECRYPT ENCRYPT UTL_RAW

Exceptions
Error Code Reason
28827 The specified cipher suite is not defined
28829 No value has been specified for the cipher suite to be used
28233 Source data was previously encrypted
28234 DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits).
AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits
28239 The encryption key has not been specified or contains a NULL value
 
DECRYPT
Decrypt crypt text data using stream or block cipher with user supplied key and optional iv

Overload 1
dbms_crypto.decrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL) RETURN RAW;
See Encrypt Overload 1 demo
Overload 2 dbms_crypto.decrypt(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
Overload 3 dbms_crypto.decrypt (
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
 
ENCRYPT

Encrypt plain text data using stream or block cipher with user supplied key and optional iv

Overload 1
dbms_crypto.encrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
set serveroutput on

set linesize 121

DECLARE
 l_credit_card_no VARCHAR2(19) := '1234-5678-9012-3456';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');

 l_encrypted_raw RAW(2048);
 l_decrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('Original : ' || l_credit_card_no);

  l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw,
  dbms_crypto.des_cbc_pkcs5, l_key);

  dbms_output.put_line('Encrypted : ' ||
  RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));

  l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw,
  typ => dbms_crypto.des_cbc_pkcs5, key => l_key);

  dbms_output.put_line('Decrypted : ' ||
  utl_raw.cast_to_varchar2(l_decrypted_raw));
END;
/
set serveroutput on

DECLARE
 enc_val   RAW(2000);
 l_key     RAW(2000);
 l_key_len NUMBER := 128/8; -- convert bits to bytes
 l_mod     NUMBER := dbms_crypto.ENCRYPT_AES128
 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_ZERO;

BEGIN
  l_key := dbms_crypto.randombytes(l_key_len);

  enc_val := dbms_crypto.encrypt(
  utl_i18n.string_to_raw('1234-5678-9012-3456', 'AL32UTF8'),
  l_mod, l_key);

  dbms_output.put_line(enc_val);
END;
/
Overload 2 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN     BLOB,
typ IN     PLS_INTEGER,
key IN     RAW,
iv  IN     RAW DEFAULT NULL);
Overload 3 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN     CLOB CHARACTER SET ANY_CS,
typ IN     PLS_INTEGER, key IN RAW,
iv  IN     RAW DEFAULT NULL);
dbms_crypto.encrypt(UTL_RAW.CAST_TO_RAW(CONVERT('XXX','AL32UTF8')),typ,key);
HASH

Hash source data by cryptographic hash type

Overload 1
dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '1234-5678-9012-3456';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 1);
  dbms_output.put_line('MD4: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 2);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 3);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURN RAW;
Overload 3 dbms_crypto.hash(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER) RETURN RAW;
 
MAC

Message Authentication Code algorithms provide keyed message protection

Overload 1
dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '1234-5678-9012-3456';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);
  dbms_output.put_line('Key: ' || l_key);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 1, l_key);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 2, l_key);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
Overload 3 dbms_crypto.mac(
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
 
RANDOMBYTES

Returns a raw value containing a pseudo-random sequence of bytes
dbms_crypto.randomnytes(number_bytes PLS_INTEGER) RETURN RAW;
SELECT dbms_crypto.randombytes(1) FROM DUAL;
SELECT LENGTH(dbms_crypto.randombytes(1)) FROM DUAL;

SELECT dbms_crypto.randombytes(28) FROM DUAL;
SELECT LENGTH(dbms_crypto.randombytes(28)) FROM DUAL;

SELECT dbms_crypto.randombytes(64) FROM DUAL;
SELECT LENGTH(dbms_crypto.randombytes(64)) FROM DUAL;
 
RANDOMINTEGER
Returns a random BINARY_INTEGER dbms_crypto.randominteger RETURN NUMBER;
SELECT dbms_crypto.randominteger FROM DUAL;
 
RANDOMNUMBER
Returns a random Oracle Number dbms_crypto.randomnumber RETURN NUMBER;
SELECT dbms_crypto.randomnumber FROM DUAL;
 
Related Topics
DBMS_CRYPTO_TOOLKIT_TYPES
DBMS_OBFUSCATION_TOOLKIT
DBMS_RANDOM
Label Security
Net Services
Oracle IDentity (OID)
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
 
Home      :      Code Library      :      Sponsors      :      Privacy      :      Terms of Use      :      Contact Us [161 users online]    © 2010 psoug.org