Skip to Main Content
Forums

SQL & PL/SQL

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Dbms_Crypto.Encrypt

N999Jan 6 2016 — edited Jan 7 2016

Hi All,

I would like to encrypt and decrypt a particular number value using 'SHA-1 Message Authentication Code'.

My intention of using dbms_crypto.encrypt using HMAC_SH1 was users should use same key for encryption and decryption but seems like using other key for decryption users were able to decrypt the string passed. Whats wrong with the below code ?

Reference from Oracle Docs : http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_crypto.htm

Plsql Code :

-------------------------------------------------------------

DECLARE

   input_string       VARCHAR2 (200) :=  '123456';

   l_encrypt_key      VARCHAR2(2000) := '1215181167716155195232915411';

   l_decrypt_key      VARCHAR2(2000) := '1215181167716154262212312345';

   output_string      VARCHAR2 (200);

   encrypted_raw      RAW (2000);             -- stores encrypted binary text

   decrypted_raw      RAW (2000);             -- stores decrypted binary text

   key_bytes_raw      RAW (32);               -- stores encryption key

   encryption_type    PLS_INTEGER :=          -- total encryption type - cipher suite

                            DBMS_CRYPTO.HMAC_SH1 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;

BEGIN

   DBMS_OUTPUT.PUT_LINE ( 'Original string: ' || input_string);

   key_bytes_raw := UTL_I18N.STRING_TO_RAW (l_encrypt_key, 'AL32UTF8'); ---

   DBMS_OUTPUT.PUT_LINE ( 'Key Bytes Raw string: ' || key_bytes_raw);

  

   encrypted_raw := DBMS_CRYPTO.ENCRYPT

      (

         src => UTL_I18N.STRING_TO_RAW (input_string,  'AL32UTF8'),

         typ => encryption_type,

         key => key_bytes_raw

      );

  

   DBMS_OUTPUT.PUT_LINE ( 'Encrypted Raw string: ' || encrypted_raw);

  

    -- The encrypted value "encrypted_raw" can be used here

    key_bytes_raw := UTL_I18N.STRING_TO_RAW (l_decrypt_key, 'AL32UTF8'); ---

   DBMS_OUTPUT.PUT_LINE ( 'Key Bytes Raw string: ' || key_bytes_raw);

  

   decrypted_raw := DBMS_CRYPTO.DECRYPT

      (

         src => encrypted_raw,

         typ => encryption_type,

         key => key_bytes_raw

      );

   DBMS_OUTPUT.PUT_LINE ( 'Decrypted Raw string: ' || decrypted_raw);

  

   output_string := UTL_I18N.RAW_TO_CHAR (decrypted_raw, 'AL32UTF8');

   DBMS_OUTPUT.PUT_LINE ('Decrypted string: ' || output_string);

END;

/

Output:

--------------------------------------

Original string: 123456

Key Bytes Raw string: 31323135313831313637373136313535313935323332393135343131

Encrypted Raw string: 8F4B3B0F9FAA77D7

Key Bytes Raw string: 31323135313831313637373136313534323632323132333132333435

Decrypted Raw string: 313233343536

Decrypted string: 123456
This post has been answered by unknown-7404 on Jan 6 2016
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Feb 4 2016
Added on Jan 6 2016
16 comments
1,562 views