Oracle Consulting Oracle Training Development

Remote DBA

Remote DBA Plans  

Remote DBA Service

Remote DBA RAC

   
Remote DBA Oracle Home
Remote DBA Oracle Training
Remote DBA SQL Tuning Consulting
Remote DBA Oracle Tuning Consulting
Remote DBA Data Warehouse Consulting
Remote DBA Oracle Project Management
Remote DBA Oracle Security Assessment
Remote DBA Unix Consulting
Burleson Books
Burleson Articles
Burleson Web Courses
Burleson Qualifications
Oracle Links
Remote DBA Oracle Monitoring
Remote DBA Support Benefits
Remote DBA Plans & Prices
Our Automation Strategy
What We Monitor
Oracle Apps Support
Print Our Brochure
Contact Us (e-mail)
Oracle Job Opportunities
Oracle Consulting Prices





   

 

 

 

Remote DBA services

Remote DBA Support

Remote DBA RAC

Remote DBA Reasons

Remote Oracle Tuning

Remote DBA Links

Oracle DBA Support

Oracle DBA Forum

Oracle Disaster

Oracle Training

Oracle Tuning

Oracle Training

 Remote DBA SQL Server

Remote MSSQL Consulting

Oracle DBA Hosting

Oracle License Negotiation

 

 


 

 

 

        
 

 Oracle DBMS_CRYPTO
Oracle Tips by Burleson Consulting

Advanced Oracle Utilities: The Definitive Reference by Rampant TechPress is written by four of the top Oracle database experts (Bert Scalzo, Donald Burleson, and Steve Callan).  The following is an excerpt from the book.

DBMS_CRYPTO

Dbms_crypto provides a modern and effectual ability to encrypt and decrypt data using any of the following cryptographic algorithms:

  • Data Encryption Standard (DES)

  • Triple DES (3DES, 2-key and 3-key)

  • Advanced Encryption Standard (AES)

  • MD5, MD4, and SHA-1 cryptographic hashes

  • MD5 and SHA-1 Message Authentication Code (MAC)

Be aware that effective dbms_crypto usage requires a general level of security familiarity and/or expertise. Key management is entirely programmatic, thus the application, or caller of dbms_crypto, must supply the encryption key. Furthermore, the application is responsible for storing and retrieving keys securely. Common options for applications storing keys include within the database, on the operating system, and user self-managed. Of course, one can always rely instead upon Oracle’s encrypted tables and tablespaces and their inherently automatic key management.

 

Dbms_obfuscation_toolkit usage should be replaced by the newer dbms_crypto package, available in 10g and later, which offers more modern and secure cryptographic algorithms as well as support for more database data types.

 

There are a few enumerated constants that one must know to use this package:

 

-- Hash Functions

HASH_MD4           CONSTANT PLS_INTEGER            :=     1;

HASH_MD5           CONSTANT PLS_INTEGER            :=     2;

HASH_SH1           CONSTANT PLS_INTEGER            :=     3;

 

-- MAC Functions

HMAC_MD5           CONSTANT PLS_INTEGER            :=     1;

HMAC_SH1           CONSTANT PLS_INTEGER            :=     2;

 

-- Block Cipher Algorithms

ENCRYPT_DES        CONSTANT PLS_INTEGER            :=     1;  -- 0x0001

ENCRYPT_3DES_2KEY  CONSTANT PLS_INTEGER            :=     2;  -- 0x0002

ENCRYPT_3DES       CONSTANT PLS_INTEGER            :=     3;  -- 0x0003

ENCRYPT_AES        CONSTANT PLS_INTEGER            :=     4;  -- 0x0004

ENCRYPT_PBE_MD5DES CONSTANT PLS_INTEGER            :=     5;  -- 0x0005

ENCRYPT_AES128     CONSTANT PLS_INTEGER            :=     6;  -- 0x0006

ENCRYPT_AES192     CONSTANT PLS_INTEGER            :=     7;  -- 0x0007

ENCRYPT_AES256     CONSTANT PLS_INTEGER            :=     8;  -- 0x0008

 

-- Block Cipher Chaining Modifiers

CHAIN_CBC          CONSTANT PLS_INTEGER            :=   256;  -- 0x0100

CHAIN_CFB          CONSTANT PLS_INTEGER            :=   512;  -- 0x0200

CHAIN_ECB          CONSTANT PLS_INTEGER            :=   768;  -- 0x0300

CHAIN_OFB          CONSTANT PLS_INTEGER            :=  1024;  -- 0x0400

 

-- Block Cipher Padding Modifiers

PAD_PKCS5          CONSTANT PLS_INTEGER            :=  4096;  -- 0x1000

PAD_NONE           CONSTANT PLS_INTEGER            :=  8192;  -- 0x2000

PAD_ZERO           CONSTANT PLS_INTEGER            := 12288;  -- 0x3000

PAD_ORCL           CONSTANT PLS_INTEGER            := 16384;  -- 0x4000

 

-- Stream Cipher Algorithms

ENCRYPT_RC4        CONSTANT PLS_INTEGER            :=   129;  -- 0x0081

 

-- Convenience Constants for Block Ciphers

DES_CBC_PKCS5      CONSTANT PLS_INTEGER            := ENCRYPT_DES

                                                    + CHAIN_CBC

                                                    + PAD_PKCS5;

 

DES3_CBC_PKCS5     CONSTANT PLS_INTEGER            := ENCRYPT_3DES

                                                    + CHAIN_CBC

                                                    + PAD_PKCS5;

 

AES_CBC_PKCS5      CONSTANT PLS_INTEGER            := ENCRYPT_AES

                                                    + CHAIN_CBC

                                                    + PAD_PKCS5;

 

Below are the dbms_crypto procedures and functions but remember, security and especially this package are not for novices or security neophytes. If one loses a key or improperly implements any factors, the data will almost surely be unrecoverable.

 

Decrypt is an overloaded procedure for decrypting the data with the following parameters and defaults.

 

Argument

Type

In / Out

Default Value

DS

BLOB | CLOB

IN | OUT

 

SRC

BLOB

IN

 

TYP

PLS_INTEGER

IN

 

KEY

RAW

IN

 

IV

RAW

IN

NULL

Table 6.20:  Decrypt Parameters

 

Decrypt is also an overloaded function for decrypting the date with the following parameters and defaults, returning a RAW value.

 

Argument

Type

In / Out

Default Value

SRC

BLOB

IN

 

TYP

PLS_INTEGER

IN

 

KEY

RAW

IN

 

IV

RAW

IN

NULL

Table 6.21:  Additional Decrypt Parameters

Encrypt is an overloaded procedure for encrypting the data with the following parameters and defaults.

 

Argument

Type

In / Out

Default Value

DST

BLOB | CLOB

IN | OUT

 

SRC

BLOB

IN

 

TYP

PLS_INTEGER

IN

 

KEY

RAW

IN

 

IV

RAW

IN

NULL

Table 6:22:  Encrypt Parameters

Encrypt is also an overloaded function for encrypting the data with the following parameters and defaults, returning a RAW value.

 

Argument

Type

In / Out

Default Value

SRC

BLOB

IN

 

TYP

PLS_INTEGER

IN

 

KEY

RAW

IN

 

IV

RAW

IN

NULL

Table 6.23:  Additional Encrypt Parameters

Hash is a function that accepts an input string and returns a unique identifier based upon the value as a RAW value.

 

Argument

Type

In / Out

Default Value

SRC

RAW |BLOB | CLOB

IN

 

TYP

PLS_INTEGER

IN

 

Table 6.24:  Hash  Parameters

MAC for message authentication code is similar to hash, but it is based off a supplied key as well as the data. It also returns the result via a RAW value.

 

Argument

Type

In / Out

Default Value

SRC

RAW |BLOB | CLOB

IN

 

TYP

PLS_INTEGER

IN

 

KEY

RAW

IN

 

Table 6.25:  Mac Parameters

The remaining functions provide simple random number generation, and include:

DBMS_CRYPTO.RANDOMBYTES (number_bytes IN POSITIVE) RETURN RAW;

 

DBMS_CRYPTO.RANDOMINTEGER RETURN BINARY_INTEGER;

 

DBMS_CRYPTO.RANDOMNUMBER RETURN NUMBER;

     


Fo
r more details on Oracle utilities, see the book "Advanced Oracle Utilities" by Bert Scalzo, Donald K. Burleson, and Steve Callan.

You can buy it direct from the publisher for 30% off directly from Rampant TechPress.

Remote DBA Service
 

Oracle Tuning Book

 

Advance SQL Tuning Book 

BC Oracle support

Oracle books by Rampant

Oracle monitoring software

 

 

 

 

 

 

 

 

 

BC Remote Oracle Support

Remote DBA

Remote DBA Services

Copyright © 1996 -  2013 by Burleson. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.