Home » SQL & PL/SQL » SQL & PL/SQL » ORA:28234 - 10g
ORA:28234 - 10g [message #407929] Fri, 12 June 2009 07:23 Go to next message
aviva4500
Messages: 122
Registered: July 2008
Location: bangalore
Senior Member
Dear All,

I have created a function which encrypts and decrypts the username and password which is entered from a third party tool. But i am facing the below error.

Function used for the encryption

create or replace function vij_dec_val
(
p_in    in raw,
p_key   in raw
)
return varchar2
is
l_ret     varchar2 (2000);
l_dec_val raw (2000);
l_mod     number := dbms_crypto.ENCRYPT_AES128
                    + dbms_crypto.CHAIN_CBC
                    + dbms_crypto.PAD_PKCS5;
begin
l_dec_val := dbms_crypto.decrypt
(
p_in,
l_mod,
p_key
);
l_ret:= UTL_I18N.RAW_TO_CHAR
(l_dec_val, 'AL32UTF8');
 return l_ret;
end;


Error:

ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at line 9



Can anyone help me out this please. I have given more than 100 numbers in the p_key variable but still it says the key is too short.


Thanks and regards,
Hammer
Ora: 28234 [message #407932 is a reply to message #407929] Fri, 12 June 2009 07:31 Go to previous messageGo to next message
aviva4500
Messages: 122
Registered: July 2008
Location: bangalore
Senior Member

Dear All,

I have created a function which will encrypt and decrypt the password entered forom the third party tool. But i am facing the below error which says that the key is too short. I have given the input key more that 100 digits but still no luck. can anyone help me out with this please. Waiting for your kind reply.

Function

decryption
---------
create or replace function vij_dec_val
(
p_in    in raw,
p_key   in raw
)
return varchar2
is
l_ret     varchar2 (2000);
l_dec_val raw (2000);
l_mod     number := dbms_crypto.ENCRYPT_AES128
                    + dbms_crypto.CHAIN_CBC
                    + dbms_crypto.PAD_PKCS5;
begin
l_dec_val := dbms_crypto.decrypt
(
p_in,
l_mod,
p_key
);
l_ret:= UTL_I18N.RAW_TO_CHAR
(l_dec_val, 'AL32UTF8');
 return l_ret;
end;


Error:
ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at line 9


Thanks and Regards,
Hammer
Re: Ora: 28234 [message #407934 is a reply to message #407932] Fri, 12 June 2009 07:36 Go to previous messageGo to next message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
And what's confusing you?

The key that you're trying to decrypt with is too short.
See here for minimum key lengths for DES and AES decryption keys - the minimum length for an AES key is 128 bits.

Why are you trying to encrypt and decrypt a password?
The standard thing to do with passwords is to Hash them, and then compare the hashes - that way you don't run the of anyone working out what the password actually is.

[type and extra information]

[Updated on: Fri, 12 June 2009 07:37]

Report message to a moderator

Re: Ora: 28234 [message #407942 is a reply to message #407934] Fri, 12 June 2009 07:57 Go to previous messageGo to next message
aviva4500
Messages: 122
Registered: July 2008
Location: bangalore
Senior Member
Dear Jrowbottom,

Thanks for your immediate reply. I am trying to encrypt the password field in a table.So,could i know what exactly i have to give in the second variable. I have tried giving the numbers '1212' which is almost 8 bytes, but still the same.

I am sorry that i have posted the decryption function.

Below is the function for encryption.

create or replace function vij_enc_val
(
p_in    in varchar2,
p_key   in raw
)
return raw is
l_enc_val raw (2000);
l_mod     number := dbms_crypto.ENCRYPT_AES128
                    + dbms_crypto.CHAIN_CBC
                    + dbms_crypto.PAD_PKCS5;
begin
l_enc_val := dbms_crypto.encrypt
(
UTL_I18N.STRING_TO_RAW
(p_in, 'AL32UTF8'),
l_mod,
p_key
 );
return l_enc_val;
end;




Thanks and Regards,
Hammer

[Updated on: Fri, 12 June 2009 07:59]

Report message to a moderator

Re: Ora: 28234 [message #407943 is a reply to message #407942] Fri, 12 June 2009 08:12 Go to previous messageGo to next message
Michel Cadot
Messages: 64102
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
I have tried giving the numbers '1212' which is almost 8 bytes, but still the same.

1212 is 4 bytes for a string, 2 bytes in binaary number, 3 bytes Oracle format, far from 8 bytes and in addition your key should at least 128 bits that is 16 bytes.

Regards
Michel
Re: Ora: 28234 [message #407945 is a reply to message #407942] Fri, 12 June 2009 08:18 Go to previous message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
Quote:
I am trying to encrypt the password field in a table.

That's what you're doing wrong.
If you encrypt the password, then it can be decrypted.
If you store a hash of the password in the table (using something like DBMS_CRYPTO.HASH) then the original password cannot be recovered and stolen. All you have to do to check if the correct password has been entered is to hash the entered password and compare the two hash values.

In case logic doesn't convince you, I'll include an argument from authority and point out that that's the way that Oracle stores your password in the database.
Previous Topic: if condition for inserts
Next Topic: Problem with to_char function
Goto Forum:
  


Current Time: Fri Dec 02 23:12:38 CST 2016

Total time taken to generate the page: 0.10459 seconds