| General Information |
| AUTHID |
DEFINER |
| Source |
{ORACLE_HOME}/rdbms/admin/dbmsobtk.sql |
| First Available |
10.1 |
| Algorithm Constants |
| Name |
Data Type |
Value |
| Hash Functions |
| HASH_MD4 (128 bit hash) |
PLS_INTEGER |
1 |
| HASH_MD5 (128 bit hash) |
PLS_INTEGER |
2 |
| HASH_SH1 (160 bit hash) |
PLS_INTEGER |
3 |
| MAC Functions |
| HMAC_MD5 (128 bit hash) |
PLS_INTEGER |
1 |
| HMAC_SH1 (160 bit hash) |
PLS_INTEGER |
2 |
| Block Cipher Algorithms |
| ENCRYPT_DES (56 bit) |
PLS_INTEGER |
1; -- 0x0001 |
| ENCRYPT_3DES_2KEY (128 bit) |
PLS_INTEGER |
2; -- 0x0002 |
| ENCRYPT_3DES |
PLS_INTEGER |
3; -- 0x0003 |
| ENCRYPT_AES |
PLS_INTEGER |
4; -- 0x0004 |
| ENCRYPT_PBE_MD5DES |
PLS_INTEGER |
5; -- 0x0005 |
| ENCRYPT_AES128 (128 bit) |
PLS_INTEGER |
6; -- 0x0006 |
| ENCRYPT_AES192 (192 bit) |
PLS_INTEGER |
7; -- 0x0007 |
| ENCRYPT_AES256 (256 bit) |
PLS_INTEGER |
8; -- 0x0008 |
| ENCRYPT_RC4 (Stream Cipher) |
PLS_INTEGER |
129; -- 0x0081 |
| Block Cipher Chaining Modifiers |
| CHAIN_CBC (Cipher Block Chaining) |
PLS_INTEGER |
256; -- 0x0100 |
| CHAIN_CFB (Cipher Feedback) |
PLS_INTEGER |
512; -- 0x0200 |
| CHAIN_ECB (Electronic cookbook) |
PLS_INTEGER |
768; -- 0x0300 |
| CHAIN_OFB (Output Feedback) |
PLS_INTEGER |
1024; -- 0x0400 |
| Block Cipher Padding Modifiers |
| PAD_PKCS5 (Complies with PKCS #5) |
PLS_INTEGER |
4096; -- 0x1000 |
| PAD_NONE (No padding) |
PLS_INTEGER |
8192; -- 0x2000 |
| PAD_ZERO (Pad with zeros) |
PLS_INTEGER |
12288; -- 0x3000 |
| PAD_ORCL |
PLS_INTEGER |
16384; -- 0x4000 |
| Block Ciphers Suites |
| DES3_CBC_PKCS5 |
PLS_INTEGER |
ENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5; |
| DES3_CBC_PKCS5 |
PLS_INTEGER |
ENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5; |
| AES_CBC_PKCS5 |
PLS_INTEGER |
ENCRYPT_AES
+ CHAIN_CBC
+ PAD_PKCS5; |
|
| Dependencies |
| DBMS_CRYPTO_FFI |
DBMS_SQLHASH |
WWV_FLOW_CLOUD_DB_SERVICES |
| DBMS_ISCHED |
JVMRJBC |
WWV_FLOW_CRYPTO |
| DBMS_METADATA_DIFF |
KUPM$MCP |
WWV_FLOW_SESSION |
| DBMS_REGISTRY |
UTL_RAW |
|
|
| Exceptions |
| Error Code |
Reason |
| 28827 |
The specified cipher suite is not defined |
| 28829 |
No value has been specified for the cipher suite to be used |
| 28233 |
Source data was previously encrypted |
| 28234 |
DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits).
AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits |
| 28239 |
The encryption key has not been specified or contains a NULL value |
|
| Security Model |
Owned by SYS with EXECUTE granted to the DVSYS and APEX040200 roles |
| Subprograms |
|
| |
| DECRYPT |
Decrypt crypt text data using stream or block cipher with user supplied key and optional iv
Overload 1 |
dbms_crypto.decrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL)
RETURN RAW; |
| See Encrypt Overload 1 demo |
| Overload 2 |
dbms_crypto.decrypt(
dst IN OUT NOCOPY BLOB,
src IN BLOB,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL); |
| TBD |
| Overload 3 |
dbms_crypto.decrypt (
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN BLOB,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL); |
| TBD |
| |
| ENCRYPT |
Encrypt plain text data using stream or block cipher with user supplied key and optional iv
Overload 1 |
dbms_crypto.encrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL)
RETURN RAW; |
set serveroutput on
set linesize 121
DECLARE
l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
l_key RAW(128) := utl_raw.cast_to_raw('abcdefgh');
l_encrypted_raw RAW(2048);
l_decrypted_raw RAW(2048);
BEGIN
dbms_output.put_line('Original : ' || l_credit_card_no);
l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key);
dbms_output.put_line('Encrypted : ' || RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));
l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
dbms_output.put_line('Decrypted : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
END;
/ |
set serveroutput on
DECLARE
enc_val RAW(2000);
l_key RAW(2000);
l_key_len NUMBER := 128/8; -- convert bits to bytes
l_mod NUMBER := dbms_crypto.ENCRYPT_AES128 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_ZERO;
BEGIN
l_key := dbms_crypto.randombytes(l_key_len);
enc_val := dbms_crypto.encrypt(utl_i18n.string_to_raw('4114-0113-1518-7114', 'AL32UTF8'), l_mod, l_key);
dbms_output.put_line(enc_val);
END;
/ |
set serveroutput on
DECLARE
enc_val RAW(2000);
l_key RAW(2000);
l_key_len NUMBER := 128/8; -- convert bits to bytes
l_mod NUMBER := dbms_crypto.ENCRYPT_AES128 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_ZERO;
BEGIN
l_key := dbms_crypto.randombytes(l_key_len);
enc_val := dbms_crypto.encrypt(utl_raw.cast_to_raw(CONVERT('Morgan','AL32UTF8')), l_mod, l_key);
dbms_output.put_line(enc_val);
END;
/ |
| Overload 2 |
dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN BLOB,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL); |
| TBD |
| Overload 3 |
dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL); |
| TBD |
| |
| HASH |
Hash source data by cryptographic hash type
Overload 1 |
dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURN RAW; |
set serveroutput on
DECLARE
l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
l_encrypted_raw RAW(2048);
BEGIN
dbms_output.put_line('CC: ' || l_ccn_raw);
l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 1);
dbms_output.put_line('MD4: ' || l_encrypted_raw);
l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 2);
dbms_output.put_line('MD5: ' || l_encrypted_raw);
l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, 3);
dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/ |
| Overload 2 |
dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURN RAW; |
| TBD |
| Overload 3 |
dbms_crypto.hash(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER) RETURN RAW; |
| TBD |
| |
| MAC |
Message Authentication Code algorithms provide keyed message protection
Overload 1 |
dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key IN RAW) RETURN RAW; |
set serveroutput on
DECLARE
l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
l_key RAW(128) :=
utl_raw.cast_to_raw('abcdefgh');
l_encrypted_raw RAW(2048);
BEGIN
dbms_output.put_line('CC: ' || l_ccn_raw);
dbms_output.put_line('Key: ' || l_key);
l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 1, l_key);
dbms_output.put_line('MD5: ' || l_encrypted_raw);
l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 2, l_key);
dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/ |
| Overload 2 |
dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key IN RAW) RETURN RAW; |
| TBD |
| Overload 3 |
dbms_crypto.mac(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW)
RETURN RAW; |
| TBD |
| |
| RANDOMBYTES |
| Returns a raw value containing a pseudo-random sequence of bytes |
dbms_crypto.randombytes(number_bytes PLS_INTEGER) RETURN RAW; |
SELECT dbms_crypto.randombytes(1) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(1)) FROM dual;
SELECT dbms_crypto.randombytes(28) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(28)) FROM dual;
SELECT dbms_crypto.randombytes(64) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(64)) FROM dual; |
| |
| RANDOMINTEGER |
| Returns a random BINARY_INTEGER |
dbms_crypto.randominteger RETURN NUMBER; |
| SELECT dbms_crypto.randominteger FROM dual; |
| |
| RANDOMNUMBER |
| Returns a random Oracle Number |
dbms_crypto.randomnumber RETURN NUMBER; |
| SELECT dbms_crypto.randomnumber FROM dual; |
