Using ASP.NET to encrypt and then PL/SQL to decrypt (TDES)
642092May 29 2008 — edited May 30 2008I'm looking to protect data in-transit from the client PC browser to the web server. Do not have HTTPS.
I have an ASP.NET web app (coded in VB.NET) and I am encrypting the data using TripleDES (TripleDESCryptoServiceProvider object). I have a KEY and an IV value on the web server used to perform the encryption....
I pass the encrypted value to an Oracle stored procedure using an OracleCommandObject in ASP.NET web page.
However, when I receive it in the Oracle package, I can't decrypt it using PL/SQL (dbms_obfuscation_toolkit)..... Oracle's implementation of TDES doesn't have an IV -- it just a Key........
l_datar := dbms_obfuscation_toolkit.des3decrypt
(input => utl_raw.cast_to_raw(p_data),
key => utl_raw.cast_to_raw(p_key),
which => dbms_obfuscation_toolkit.ThreeKeyMode);
If anyone knows of any example code doing this ASP.NET encryption to PL/SQL decryption, I'd appreciate you posting a link to it.
And I'm also interested in other suggestions or approaches to protecting the data while being transmitted over unsecure transports.
Thanks,
M