Oracle DBMS_CRYPTO
Version 12.1.0.2

General Information
Library Note Morgan's Library Page Footer
The Library is currently in the process of being upgraded from Oracle Database Version 12.1.0.1 to 12.1.0.2. Demos are being upgraded to reflect the new Container paradigm as well as EBR (Edition Based Redefinition) and may contain references to CDBs, PDBs, and other objects you may not be familiar with such as CDB_OBJECTS_AE: Welcome to 12c.

Interested in Oracle GoldenGate? Check out the IGGOUG,
Purpose Encryption, decryption, hashing, and random string and numeric value generation
AUTHID DEFINER
Constants
Name Data Type Value
Hash Functions
HASH_MD4 (128 bit hash) PLS_INTEGER 1
HASH_MD5 (128 bit hash) PLS_INTEGER 2
HASH_SH1 (160 bit hash) PLS_INTEGER 3
HASH_SH256 PLS_INTEGER 4
HASH_SH384 PLS_INTEGER 5
HASH_SH512 PLS_INTEGER 6
MAC Functions
HMAC_MD5 (128 bit hash) PLS_INTEGER 1
HMAC_SH1 (160 bit hash) PLS_INTEGER 2
HMAC_SH256 PLS_INTEGER 3
HMAC_SH384 PLS_INTEGER 4
HMAC_SH512 PLS_INTEGER 5
Encryption Algorithms
ENCRYPT_DES PLS_INTEGER 1
ENCRYPT_3DES_2KEY PLS_INTEGER 2
ENCRYPT_3DES PLS_INTEGER 3
ENCRYPT_AES PLS_INTEGER 4
ENCRYPT_PBE_MD5DES PLS_INTEGER 5
ENCRYPT_AES128 PLS_INTEGER 6
ENCRYPT_AES192 PLS_INTEGER 7
ENCRYPT_AES256 PLS_INTEGER 8
Block Cipher Chaining Modifiersx
CHAIN_CBC PLS_INTEGER 256
CHAIN_CFB PLS_INTEGER 512
CHAIN_ECB PLS_INTEGER 768
CHAIN_OFB PLS_INTEGER 1024
Block Cipher Padding Modifiers
PAD_PKCS5 PLS_INTEGER 4096
PAD_NONE PLS_INTEGER 8192
PAD_ZERO PLS_INTEGER 12288
PAD_ORCL PLS_INTEGER 16384
Stream Cipher Algorithms
ENCRYPT_RC4 PLS_INTEGER 129
Block Cipher Suites
DES_CBC_PKCS5 PLS_INTEGER ENCRYPT_DES+CHAIN_CBC+PAD_PKCS5
DES3_CBC_PKCS5 PLS_INTEGER ENCRYPT_3DES+CHAIN_CBC+PAD_PKCS5
AES_CBC_PKCS5 PLS_INTEGER ENCRYPT_AES+CHAIN_CBC+PAD_PKCS5
Dependencies
DBMS_CRYPTO_FFI DBMS_SQLHASH WWV_FLOW_CGI
DBMS_ISCHED JVMRJBC WWV_FLOW_CLOUD_DB_SERVICES
DBMS_METADATA_DIFF KUPM$MCP WWV_FLOW_CRYPTO
DBMS_SCHEDULER UTL_RAW  
Documented Yes
Exceptions
Error Code Reason
28827 The specified cipher suite is not defined
28829 No value has been specified for the cipher suite to be used
28233 Source data was previously encrypted
28234 DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits).
AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits
28239 The encryption key has not been specified or contains a NULL value
First Available 10gR1
Security Model Owned by SYS with EXECUTE granted to DVSYS and the APEX_040200 role
Source {ORACLE_HOME}/rdbms/admin/dbmsobtk.sql
Subprograms
 
DECRYPT
Decrypt crypt text data using stream or block cipher with user supplied key and optional iv

Overload 1
dbms_crypto.decrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL) RETURN RAW;
See Encrypt Overload 1 demo
Overload 2 dbms_crypto.decrypt(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.decrypt (
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
 
ENCRYPT
Encrypt plain text data using stream or block cipher with user supplied key and optional iv

Overload 1
dbms_crypto.encrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
set serveroutput on

set linesize 121

DECLARE
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');

 l_encrypted_raw RAW(2048);
 l_decrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('Original : ' || l_credit_card_no);

  l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key);

  dbms_output.put_line('Encrypted : ' || RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));

  l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkcs5, key => l_key);

  dbms_output.put_line('Decrypted : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
END;
/
set serveroutput on

DECLARE
 enc_val   RAW(2000);
 l_key     RAW(2000);
 l_key_len NUMBER := 128/8; -- convert bits to bytes
 l_mod     NUMBER := dbms_crypto.ENCRYPT_AES128+dbms_crypto.CHAIN_CBC+dbms_crypto.PAD_ZERO;

BEGIN
  l_key := dbms_crypto.randombytes(l_key_len);
  enc_val := dbms_crypto.encrypt(utl_i18n.string_to_raw('4114-0113-1518-7114', 'AL32UTF8'), l_mod, l_key);
  dbms_output.put_line(enc_val);
END;
/
set serveroutput on

DECLARE
 enc_val RAW(2000);
 l_key RAW(2000);
 l_key_len NUMBER := 128/8; -- convert bits to bytes
 l_mod NUMBER := dbms_crypto.ENCRYPT_AES128 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_ZERO;
BEGIN
  l_key := dbms_crypto.randombytes(l_key_len);
  enc_val := dbms_crypto.encrypt(utl_raw.cast_to_raw(CONVERT('Morgan','AL32UTF8')), l_mod, l_key);
  dbms_output.put_line(enc_val);
END;
/
Overload 2 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN     BLOB,
typ IN     PLS_INTEGER,
key IN     RAW,
iv  IN     RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN     CLOB CHARACTER SET ANY_CS,
typ IN     PLS_INTEGER, key IN RAW,
iv  IN     RAW DEFAULT NULL);
TBD
 
HASH
Hash source data by cryptographic hash type

Overload 1
dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_md4);
  dbms_output.put_line('MD4: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_md5);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh1);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh256);
  dbms_output.put_line('SH2-256: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh384);
  dbms_output.put_line('SH2-384: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh512);
  dbms_output.put_line('SH2-512: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURN RAW;
TBD
Overload 3 dbms_crypto.hash(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER)
RETURN RAW;
DECLARE
 lRAW  RAW(512);
 lClob CLOB := 'Patient is showing signs of pizza box intolerance: Try an ODA';
BEGIN
  dbms_output.put_line('Source:  ' || SUBSTR(lClob,1,128));

  lRAW := dbms_crypto.hash(lCLOB, dbms_crypto.hash_sh512);
  dbms_output.put_line('SH2-512: ' || lRAW);
END;
/
 
MAC
Message Authentication Code algorithms provide keyed message protection

Overload 1
dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);
  dbms_output.put_line('Key: ' || l_key);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 1, l_key);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 2, l_key);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
TBD
Overload 3 dbms_crypto.mac(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW)
RETURN RAW;
TBD
 
RANDOMBYTES
Returns a raw value containing a pseudo-random sequence of bytes dbms_crypto.randombytes(number_bytes PLS_INTEGER) RETURN RAW;
SELECT dbms_crypto.randombytes(1) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(1)) FROM dual;

SELECT dbms_crypto.randombytes(28) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(28)) FROM dual;

SELECT dbms_crypto.randombytes(64) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(64)) FROM dual;
 
RANDOMINTEGER
Returns a random BINARY_INTEGER dbms_crypto.randominteger RETURN NUMBER;
SELECT dbms_crypto.randominteger FROM dual;
 
RANDOMNUMBER
Returns a random Oracle Number dbms_crypto.randomnumber RETURN NUMBER;
SELECT dbms_crypto.randomnumber FROM dual;

Related Topics
DBMS_CRYPTO_FFI
DBMS_CRYPTO_TOOLKIT
DBMS_CRYPTO_TOOLKIT_TYPES
DBMS_OBFUSCATION_TOOLKIT
DBMS_RANDOM
DBMS_SQLHASH
Label Security
Net Services
Oracle IDentity (OID)
Packages
Security
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2014 Daniel A. Morgan All Rights Reserved