Oracle DBMS_CRYPTO_TOOLKIT
Version 12.1.0.1

General Information
Library Note Morgan's Library Page Footer
The Library is currently in the process of being upgraded from Oracle Database Version 11.2.0.3 to 12.1.0.1. Demos are being upgraded to reflect the new Container paradigm as well as EBR (Edition Based Redefinition) and may contain references to CDBs, PDBs, and other objects you may not be familiar with such as CDB_OBJECTS_AE: Welcome to 12c.
Purpose Types and subroutines supporting the DBMS_CRYPTO built in encryption package and Wallets and Transparent Data Encryption.

According to the source file header:
--- Old dbms_crypto_TOOLKIT code.
--- The code below was desupported and should not be documented.
--- Final disposition on the removal of this package is pending.
--- December 12, 2002

Apparently someone forgot about this sometime during the previous decade.
AUTHID DEFINER
Constants
Name Data Type Value
DETACHEDSIGNATURE Crypto_Engine_Function 1
SIGNATURE Crypto_Engine_Function 2
ENVELOPING Crypto_Engine_Function 3
PKENCRYPTION Crypto_Engine_Function 4
ENCRYPTION Crypto_Engine_Function 5
KEYEDHASH_CHECKSUM Crypto_Engine_Function 6
HASH_CHECKSUM Crypto_Engine_Function 7
RANDOM Crypto_Engine_Function 8
 
CONTINUE_PROCESSING Crypto_Engine_State 1
END_PROCESSING Crypto_Engine_State 2
RESET_PROCESSING Crypto_Engine_State 3
 
X509V1 Identity_Type 1
SYMMETRIC Identity_Type 2
 
RSA Cipher 1
DES Cipher 2
RC4 Cipher 3
MD5DES Cipher 4
MD5RC2 Cipher 5
MD5 Cipher 6
SHA Cipher 7
 
PKCS7 Data_Unit_Format 1
RSAPAD Data_Unit_Format 2
ORACLEv1 Data_Unit_Format 3
Data Types SUBTYPE Crypto_Engine_Function IS dbms_crypto_toolkit_types.Crypto_Engine_Function;
SUBTYPE Crypto_Engine_State IS dbms_crypto_toolkit_types.Crypto_Engine_State;
SUBTYPE Identity_Type IS dbms_crypto_toolkit_types.Identity_Type;
SUBTYPE Cipher IS dbms_crypto_toolkit_types.Cipher;
SUBTYPE Data_Unit_Format IS dbms_crypto_toolkit_types.Data_Unit_Format;

-- Aliases to reduce typing.
SUBTYPE Wallet IS dbms_crypto_toolkit_types.Wallet;
SUBTYPE Persona IS dbms_crypto_toolkit_types.Persona;
SUBTYPE Identity IS dbms_crypto_toolkit_types.Identity;
SUBTYPE Identity_Array IS dbms_crypto_toolkit_types.Identity_Array;
SUBTYPE Alias_String IS dbms_crypto_toolkit_types.Alias_String;
SUBTYPE Comment_String IS dbms_crypto_toolkit_types.Comment_String;
SUBTYPE Identity_Description IS dbms_crypto_toolkit_types.Identity_Description;
SUBTYPE Identity_Description_List IS dbms_crypto_toolkit_types.Identity_Description_List;
SUBTYPE Persona_Description IS dbms_crypto_toolkit_types.Persona_Description;
SUBTYPE Persona_List IS dbms_crypto_toolkit_types.Persona_List;
SUBTYPE Private_Persona_Information IS dbms_crypto_toolkit_types.Private_Persona_Information;
Dependencies
DBMS_CRYPTO_TOOLKIT_FFI DBMS_CRYPTO_TOOLKIT_TYPES UTL_RAW
Documented No
Exceptions
Error Code Reason
ORA-28836 package_wallet_is_not_open
ORA-28840 package_wallet_is_open
First Available 10.1.0.3
Security Model Owned by SYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/dbmsoctk.sql
Subprograms
 
ABORTIDENTITY
Aborts an identity dbms_crypto_toolkit.abortIdentity(identity IN OUT Identity);
TBD
 
CLOSEPERSONA
Closes a persona within a wallet dbms_crypto_toolkit.closePersona(persona IN OUT Persona);
See Demo Below
 
CLOSEWALLET
Closes the identified wallet
Overload 1
dbms_crypto_toolkit.closeWallet(wallet IN OUT Wallet);
TBD
Closes the wallet kept by the package
Overload 2
dbms_crypto_toolkit.closeWallet;
exec dbms_crypto_toolkit.closeWallet;
 
CREATEIDENTITY
Creates an identity dbms_crypto_toolkit.createIdentity(
identitytype       IN  Identity_Type,
public_identity    IN  VARCHAR2,
alias              IN  VARCHAR2,
longer_description IN  VARCHAR2,
trust_qualifier    IN  VARCHAR2,
identity           OUT Identity);
TBD
 
CREATEPERSONA
Creates a persona dbms_crypto_toolkit.createPersona(
cipher_type         IN  Cipher,
private_information IN  Private_Persona_Information,
prl                 IN  VARCHAR2,
alias               IN  VARCHAR2,
longer_description  IN  VARCHAR2,
persona             OUT Persona);
TBD
 
CREATEWALLET
Creates the identified wallet

Overload 1
dbms_crypto_toolkit.createWallet(
password                IN     VARCHAR2,
wallet                  IN OUT Wallet,
wallet_resource_locator IN     VARCHAR2 DEFAULT NULL);
SQL> exec dbms_crypto_toolkit.createWallet('oracle1');
BEGIN dbms_crypto_toolkit.createWallet('oracle1'); END;
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 74
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 141
ORA-06512: at line 1
Used by applications which want to use the wallet kept by the package

Overload 2
dbms_crypto_toolkit.createWallet(
password                IN VARCHAR2,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
DECLARE
 r dbms_crypto_toolkit_types.wallet;
BEGIN
  dbms_crypto_toolkit.createWallet('oracle1', r, NULL);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 74
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 126
ORA-06512: at line 4
 
DECRYPT
Converts the contents of an encrypted message back into its original readable format

Overload 1
dbms_crypto_toolkit.decrypt(
persona          IN  Persona,
input            IN  RAW,
decrypted_data   OUT RAW,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.decrypt(
persona          IN Persona,
input            IN RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.decrypt(
persona          IN  Persona,
input_string     IN  VARCHAR2,
decrypted_string OUT VARCHAR2,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.decrypt(
persona          IN Persona,
input_string     IN VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
DEENVELOPE
Remove a message from an envelope

Overload 1
dbms_crypto_toolkit.deEnvelope(
persona          IN  Persona,
enveloped_data   IN  RAW,
output_data      OUT RAW,
verified         OUT BOOLEAN,
validated        OUT BOOLEAN,
sender_identity  OUT Identity,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.deEnvelope(
persona          IN  Persona,
enveloped_data   IN  RAW,
verified         OUT BOOLEAN,
validated        OUT BOOLEAN,
sender_identity  OUT Identity,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.deEnvelope(
persona          IN  Persona,
enveloped_string IN  VARCHAR2,
output_string    OUT VARCHAR2,
verified         OUT BOOLEAN,
validated        OUT BOOLEAN,
sender_identity  OUT Identity,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.deEnvelope(
persona          IN  Persona,
enveloped_string IN  VARCHAR2,
verified         OUT BOOLEAN,
validated        OUT BOOLEAN,
sender_identity  OUT Identity,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
DESTROYWALLET
Deletes a wallet bases on a given wallet resource locator dbms_crypto_toolkit.destroyWallet(
password                IN VARCHAR2,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
TBD
 
ENCRYPT
Disguise the contents of a message and rendering it unreadable

Overload 1
dbms_crypto_toolkit.encrypt(
persona          IN  Persona,
input            IN  RAW,
encrypted_data   OUT RAW,
encryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.encrypt(
persona          IN Persona,
input            IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.encrypt(
persona          IN Persona,
input_string     IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
ENVELOPE
Digitally signs a message for authentication and encrypting the message with the recipient's public key

Overload 1
dbms_crypto_toolkit.envelope(
persona          IN  Persona,
recipient        IN  Identity,
input            IN  RAW,
enveloped_data   OUT RAW,
encryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.envelope(
persona          IN Persona,
recipient        IN Identity,
input            IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.envelope(
persona          IN  Persona,
recipient        IN  Identity,
input_string     IN  VARCHAR2,
enveloped_string OUT VARCHAR2,
encryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.envelope(
persona          IN Persona,
recipient        IN Identity,
input_string     IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
Overload 5 dbms_crypto_toolkit.envelope(
persona              IN  Persona,
number_of_recipients IN  POSITIVE,
recipient_list       IN  Identity_Array,
input                IN  RAW,
enveloped_data       OUT RAW,
encryption_state     IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 6 dbms_crypto_toolkit.envelope(
persona              IN Persona,
number_of_recipients IN POSITIVE,
recipient_list       IN Identity_Array,
input                IN RAW,
encryption_state     IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 7 dbms_crypto_toolkit.envelope(
persona              IN  Persona,
number_of_recipients IN  POSITIVE,
recipient_list       IN  Identity_Array,
input_string         IN  VARCHAR2,
enveloped_string     OUT VARCHAR2,
encryption_state     IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 8 dbms_crypto_toolkit.envelope(
persona              IN Persona,
number_of_recipients IN POSITIVE,
recipient_list       IN Identity_Array,
input_string         IN VARCHAR2,
encryption_state     IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
HASH
Generate a hash of the current message

Overload 1
dbms_crypto_toolkit.hash(
persona    IN  Persona,
input      IN  RAW,
hash       OUT RAW,
hash_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.hash(
persona    IN Persona,
input      IN RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.hash(
persona      IN  Persona,
input_string IN  VARCHAR2,
hash         OUT RAW,
hash_state   IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.hash(
persona      IN Persona,
input_string IN VARCHAR2,
hash_state   IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
 
INITIALIZE
Initialize the toolkit package for use dbms_crypto_toolkit.initialize;
exec dbms_crypto_toolkit.initialize;
 
KEYEDHASH
Generates a public key checksum

Overload 1
dbms_crypto_toolkit.keyedHash(
persona    IN  Persona,
input      IN  RAW,
keyed_hash OUT RAW,
hash_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.keyedHash(
persona    IN Persona,
input      IN RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.keyedHash(
persona      IN  Persona,
input_string IN  VARCHAR2,
keyed_hash   OUT RAW,
hash_state   IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.keyedHash(
persona      IN Persona,
input_string IN VARCHAR2,
hash_state   IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
 
OPENPERSONA
Opens a persona in the open wallet dbms_crypto_toolkit.openPersona(persona IN OUT Persona);
See Demo Below
 
OPENWALLET
Opens the identified wallet

Overload 1
dbms_crypto_toolkit.openWallet(
password                IN     VARCHAR2,
wallet                  IN OUT Wallet,
persona_list               OUT Persona_List,
wallet_resource_locator IN     VARCHAR2 DEFAULT NULL);
See Demo Below
Opens the wallet kept by the package

Overload 2
dbms_crypto_toolkit.openWallet(
password                IN     VARCHAR2,
persona_list               OUT Persona_List,
wallet_resource_locator IN     VARCHAR2 DEFAULT NULL);
TBD
 
PKDECRYPT
Decrypt for one recipient

Overload 1
dbms_crypto_toolkit.PKDecrypt(
persona          IN  Persona,
input            IN  RAW,
decrypted_data   OUT RAW,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.PKDecrypt(
persona          IN Persona,
input            IN RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.PKDecrypt(
persona          IN  Persona,
input_string     IN  VARCHAR2,
decrypted_string OUT VARCHAR2,
decryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.PKDecrypt(
persona          IN Persona,
input_string     IN VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
PKENCRYPT
Encrypt for one recipient

Overload 1
dbms_crypto_toolkit.PKEncrypt(
persona          IN  Persona,
recipient        IN  Identity,
input            IN  RAW,
encrypted_data   OUT RAW,
encryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 2 dbms_crypto_toolkit.PKEncrypt(
persona          IN Persona,
recipient        IN Identity,
input            IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.PKEncrypt(
persona          IN  Persona,
recipient        IN  Identity,
input_string     IN  VARCHAR2,
encrypted_string OUT VARCHAR2,
encryption_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.PKEncrypt(
persona          IN Persona,
recipient        IN Identity,
input_string     IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
Overload 5 dbms_crypto_toolkit.PKEncrypt(
persona              IN  Persona,
number_of_recipients IN  POSITIVE,
recipient_list       IN  Identity_Array,
input                IN  RAW,
encrypted_data       OUT RAW,
encryption_state     IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 6 dbms_crypto_toolkit.PKEncrypt(
persona              IN Persona,
number_of_recipients IN POSITIVE,
recipient_list       IN Identity_Array,
input                IN RAW,
encryption_state     IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 7 dbms_crypto_toolkit.PKEncrypt(
persona              IN  Persona,
number_of_recipients IN  POSITIVE,
recipient_list       IN  Identity_Array,
input_string         IN  VARCHAR2,
encrypted_string     OUT VARCHAR2,
encryption_state     IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 8 dbms_crypto_toolkit.PKEncrypt(
persona              IN Persona,
number_of_recipients IN POSITIVE,
recipient_list       IN Identity_Array,
input_string         IN VARCHAR2,
encryption_state     IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
RANDOMBYTES
Generates random bytes

Overload 1
dbms_crypto_toolkit.randomBytes(
persona                 IN  Persona,
number_of_bytes_desired IN  POSITIVE,
random_bytes            OUT RAW);
TBD
Overload 2 dbms_crypto_toolkit.randomBytes(
persona                 IN Persona,
number_of_bytes_desired IN POSITIVE)
RETURN RAW;
TBD
 
RANDOMNUMBER
Generates random numbers

Overload 1
dbms_crypto_toolkit.randomNumber(persona IN Persona, random_number OUT BINARY_INTEGER);
TBD
Overload 2 dbms_crypto_toolkit.randomNumber(persona IN Persona) RETURN BINARY_INTEGER;
TBD
 
REMOVEIDENTITY
Destroys an identity dbms_crypto_toolkit.removeIdentity(identity OUT Identity);
DECLARE
 RetVal dbms_crypto_toolkit_types.identity;
BEGIN
  dbms_crypto_toolkit.removeIdentity(RetVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 290
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 253
ORA-06512: at line 4
 
REMOVEPERSONA
Removes a persona from a wallet dbms_crypto_toolkit.removePersona(persona IN OUT Persona);
DECLARE
 RetVal dbms_crypto_toolkit_types.persona;
BEGIN
  dbms_crypto_toolkit.removePersona(RetVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 175
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 199
ORA-06512: at line 4
 
SEEDRANDOM
Generates a random seed value
Overload 1
dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN RAW);
TBD
Overload 2 dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN VARCHAR2);
TBD
Overload 3 dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN BINARY_INTEGER);
TBD
 
SIGN
Create an attached signature associated with the current persona

Overload 1
dbms_crypto_toolkit.sign(
persona         IN  Persona,
input           IN  RAW,
signature       OUT RAW,
signature_state IN  Crypto_Engine_State
DEFAULT END_PROCESSING);
See Demo Below
Overload 2 dbms_crypto_toolkit.sign(
persona         IN Persona,
input           IN RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.sign(
persona         IN  Persona,
input_string    IN  VARCHAR2,
signature       OUT RAW,
signature_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
See Demo Below
Overload 4 dbms_crypto_toolkit.sign(
persona         IN Persona,
input_string    IN VARCHAR2,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
 
SIGNDETACHED
Creates a signature generated from a message kept separate from the message signature associated with the current persona

Overload 1
dbms_crypto_toolkit.signDetached(
persona         IN  Persona,
input           IN  RAW,
signature       OUT RAW,
signature_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
See Demo Below
Overload 2 dbms_crypto_toolkit.signDetached(
persona         IN Persona,
input           IN RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.signDetached(
persona         IN  Persona,
input_string    IN  VARCHAR2,
signature       OUT RAW,
signature_state IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.signDetached(
persona         IN Persona,
input_string    IN VARCHAR2,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
 
STOREPERSONA
Stores the persona, a combination of an identity (public information) and associated private information

Overload 1
dbms_crypto_toolkit.storePersona(
persona IN OUT Persona,
wallet  IN OUT Wallet);
TBD
Used by applications that want to use the wallet kept by the package

Overload 2
dbms_crypto_toolkit.storePersona(persona IN OUT Persona);
DECLARE
 RetVal dbms_crypto_toolkit_types.persona;
BEGIN
  dbms_crypto_toolkit.storePersona(RetVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4


-- follow the link at page bottom for "Wallet" to create a wallet and open it

DECLARE
 RetVal dbms_crypto_toolkit_types.persona;
BEGIN
  dbms_crypto_toolkit.storePersona(RetVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4


SQL> SELECT status
2 FROM v$encryption_wallet;

STATUS
------------------------------
OPEN
 
STORETRUSTEDIDENTITY
Stores an identity as a trustpoint within a wallet dbms_crypto_toolkit.storeTrustedIdentity(identity IN OUT Identity, persona IN Persona);
TBD
 
TERMINATE
Stop Cryptographic Toolkit operation dbms_crypto_toolkit.terminate;
exec dbms_crypto_toolkit.terminate;
 
VALIDATE
Uses the trusted identities associated with a persona to validate an identity dbms_crypto_toolkit.validate(persona IN Persona, identity IN Identity) RETURN BOOLEAN;
TBD
 
VERIFY
Verify an attached signature

Overload 1
dbms_crypto_toolkit.verify(
persona                IN  Persona,
signature              IN  RAW,
extracted_message      OUT RAW,
verified               OUT BOOLEAN,
validated              OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state        IN  Crypto_Engine_State DEFAULT END_PROCESSING);
See Demo Below
Overload 2 dbms_crypto_toolkit.verify(
persona                IN  Persona,
signature              IN  RAW,
verified               OUT BOOLEAN,
validated              OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state        IN  Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW;
TBD
Overload 3 dbms_crypto_toolkit.verify(
persona                  IN  Persona,
signature                IN  RAW,
extracted_message_string OUT VARCHAR2,
verified                 OUT BOOLEAN,
validated                OUT BOOLEAN,
signing_party_identity   OUT Identity,
signature_state          IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
Overload 4 dbms_crypto_toolkit.verify(
persona                IN  Persona,
signature              IN  RAW,
verified               OUT BOOLEAN,
validated              OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state        IN  Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2;
TBD
 
VERIFYDETACHED
Verify a detached signature

Overload 1
dbms_crypto_toolkit.verifyDetached(
persona                IN  Persona,
data                   IN  RAW,
signature              IN  RAW,
verified               OUT BOOLEAN,
validated              OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state        IN  Crypto_Engine_State DEFAULT END_PROCESSING);
See Demo Below
Overload 2 dbms_crypto_toolkit.verifyDetached(
persona                IN  Persona,
data_string            IN  VARCHAR2,
signature              IN  RAW,
verified               OUT BOOLEAN,
validated              OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state        IN  Crypto_Engine_State DEFAULT END_PROCESSING);
TBD
 
Demo
This crypto toolkit demo was published by Oracle as:

Oracle Cryptographic Toolkit Programmer's Guide
Release 2.0.4
A54082-02
Sample PL/SQL Code

It has been modified for clarity and to fix a number of syntax errors that prevent the Oracle demo from compiling.
conn sys@pdbdev as sysdba
set serveroutput on

DECLARE
 all_done         BOOLEAN := FALSE;
 decrypted_string VARCHAR2 (2048);
 encrypted_string VARCHAR2 (2048);
 extracted_string VARCHAR2 (128);
 hash_string      VARCHAR2 (2048);
 persona          dbms_crypto_toolkit.persona;
 persona_list     dbms_crypto_toolkit.persona_list;
 recipient        dbms_crypto_toolkit.identity;
 signature        RAW(2048);
 signing_party    dbms_crypto_toolkit.identity;
 string_input     VARCHAR2(6) := '123456';
 string_validated BOOLEAN := FALSE;
 string_verified  BOOLEAN := FALSE;
 wallet           dbms_crypto_toolkit.wallet;

 -- package state flags
 initialized      BOOLEAN := FALSE;
 wallet_opened    BOOLEAN := FALSE;
 persona_opened   BOOLEAN := FALSE;

 encrypt_unsupported_msg VARCHAR2(64) := 'Encryption Unsupported - Ignoring Exception';

 done_exception EXCEPTION;
 operation_unsupported EXCEPTION;

 PRAGMA EXCEPTION_INIT (operation_unsupported, -28841);
BEGIN
  dbms_crypto_toolkit.initialize;
  initialized := TRUE;

  -- open wallet
  dbms_crypto_toolkit.openWallet('oracle1!', wallet, persona_list, 'default:');
  wallet_opened := TRUE;

  -- establish the identity associated with the first persona in the wallet
  dbms_output.put_line('Alias: ' || persona_list(1).alias);
  dbms_output.put_line('Comment: ' || persona_list(1).comment);
  persona.persona := persona_list(1).persona;
  recipient.descriptor := persona_list(1).identity;

  -- open the first persona
  dbms_crypto_toolkit.openPersona(persona);
  persona_opened := TRUE;

  -- create an attached signature associated with the current persona
  dbms_crypto_toolkit.sign(persona=>persona, input=>string_input, signature=>signature);

  -- verify the attached signature
  dbms_crypto_toolkit.verify(persona => persona,
                             signature => signature,
                             extracted_message => extracted_string,
                             verified => string_verified,
                             validated => string_validated,
                             signing_party_identity => signing_party);

  IF string_validated THEN
    dbms_output.put_line('Signature Validated');
  ELSE
    NULL;  -- need to handle failure condition
  END IF;

  IF string_verified THEN
    dbms_output.put_line('Verified');
  ELSE
    NULL;  -- need to handle failure condition
  END IF;

  -- create a detached signature associated with the current persona
  dbms_crypto_toolkit.signDetached(persona => persona,
                                  input => string_input,
                                  signature => signature);

  -- verify the detached signature
  dbms_crypto_toolkit.verifyDetached(persona => persona,
                                     data => string_input,
                                     signature => signature,
                                     verified => string_verified,
                                     validated => string_validated,
                                     signing_party_identity => signing_party);

  IF string_validated THEN
    dbms_output.put_line('Validated');
  ELSE
    NULL;  -- need to handle failure condition
  END IF;

  IF string_verified THEN
    dbms_output.put_line('Verified');
  ELSE
    NULL;  -- need to handle failure condition
  END IF;

  -- generate a hash of the current message
  dbms_crypto_toolkit.hash(persona => persona,
                           input => string_input,
                           hash => hash_string);

  IF string_input = hash_string THEN
    dbms_output.put_line('Hash Succeeded');
  END IF;

  all_done := TRUE;
  RAISE done_exception;
EXCEPTION
  WHEN OTHERS THEN
    -- close the current open persona
    IF persona_opened THEN
      dbms_crypto_toolkit.closePersona(persona);
    END IF;

    -- close the wallet
    IF wallet_opened THEN
      dbms_crypto_toolkit.closeWallet(wallet);
    END IF;

    -- stop Cryptographic Toolkit operation
    IF initialized THEN
      dbms_crypto_toolkit.terminate;
    END IF;

    IF NOT all_done THEN
      RAISE;
    END IF;
END;
/

Related Topics
DBMS_CRYPTO
DBMS_CRYPTO_FFI
DBMS_CRYPTO_TOOLKIT_TYPES
DBMS_RANDOM
DBMS_SQLHASH
Packages
UTL_RAW
Wallet

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2014 Daniel A. Morgan All Rights Reserved