RE: DBMS_CRYPTO Error

From: Kenneth Naim <kennethnaim_at_gmail.com>
Date: Tue, 24 Apr 2012 10:39:40 -0400
Message-ID: <02f901cd2228$162b11d0$42813570$_at_gmail.com>

Good Morning Norman,
Thanks, I did figure out that it had to be padded and it seems in 11g there are a few built in padding options (PAN_NONE, PAD_ZERO, PAD_ORCL etc.) which I'm now using and the code is working.

Ken

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Norman Dunbar
Sent: Tuesday, April 24, 2012 2:35 AM
To: oracle-l_at_freelists.org
Subject: Re: DBMS_CRYPTO Error

Morning Ken,

On 23/04/12 20:54, Norman Dunbar wrote:
> I'm not 100% sure as I'm away from my desk at present, but I think
> when I used DES3 a few years ago, I needed to pad the text to be
> encrypted to a multiple of some length. I'll check tomorrow.

I'm in the office and I've checked my code. It is true, the data to be encrypted needs to be a multiple of 8 characters long. As per this from my code's package body:

function encrypt(iString in blob) return blob as

	vData raw(1024);
	vBlob blob;

begin
	-- Extract raw data, pad it out &  encrypt it
	vData := BlobToRaw(iBlob => iString,
			iPad => true);

	vData := dbms_obfuscation_toolkit.DESEncrypt(...);

The BlobToRaw code is this:

function BlobToRaw(iBlob in blob, iPad in boolean := true) as

	vRaw raw(1024;
	vLength number;
	vPad integer
	...
begin
	vLength := dbms_lob.GetLength(iBlob);
	if (vLength <> 0) then
		-- Read blob into raw
		...
	end if;

	-- Pad if required
	if (iPad) then
		vPad := 8 - mod(vLength, 8);
		if (vPad <> 0) then
		vRaw := utl_raw.concat(vRaw,
				utl_raw.cast_to_raw(rpad(chr(0),
							vPad,
							chr(0))
				)
			);
		end if;
	end if;

...

I remember reading somewhere that the data has to be an exact multiple of 8 characters long. In the docs for dbms_obfuscation_toolkit for 9i I think.

I also note that I seem to have used the iPad name long before Apple, wonder if I can sue! ;-)

By the way, this was part of a password vault system I had to write many many years ago, all my data are well short of the 1024 characters I'm using for the RAWs above.

HTH Cheers,
Norm.

--
Norman Dunbar
Dunbar IT Consultants Ltd

Registered address:
Thorpe House
61 Richardshaw Lane
Pudsey
West Yorkshire
United Kingdom
LS28 7EL

Company Number: 05132767
--
http://www.freelists.org/webpage/oracle-l


-----

Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2411/4955 - Release Date: 04/23/12

-----

Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2411/4956 - Release Date: 04/24/12

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Apr 24 2012 - 09:39:40 CDT

This message: [ Message body ]
Next message: Jared Still: "Re: Thoughts on Linux, Oracle, and VLM"
Previous message: Herring Dave - dherri: "RE: OT: bash vs. ksh subprocess counts"
In reply to: Norman Dunbar: "Re: DBMS_CRYPTO Error"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message