Home » RDBMS Server » Server Administration » Encryption issue (10.2.0.3, WIndows 2003)
Encryption issue [message #447227] Fri, 12 March 2010 09:22 Go to next message
newsurfgal
Messages: 12
Registered: August 2009
Junior Member
Hi all,

We are currently using DES encryption method and planning to implement AES256 bit encryption..

Below is the procedure we are using for DES encryption


CREATE OR REPLACE procedure encdes
	(in_string IN varchar2,
	in_key IN varchar2,
	out_string OUT varchar2) as

p_in varchar2(96) := in_string;
p_out_str varchar2(96);

BEGIN
	dbms_obfuscation_toolkit.DESEncrypt(
		input_string => p_in,
		key_string =>  in_key,
		encrypted_string => p_out_str);

out_string := RAWTOHEX(UTL_RAW.CAST_TO_RAW(p_out_str));

END encdes;
/

SQL> DECLARE
  2    IN_STRING VARCHAR2(200);
  3    IN_KEY VARCHAR2(200);
  4    OUT_STRING VARCHAR2(200);
  5
  6  BEGIN
  7    IN_STRING := '1234567890123456';
  8    IN_KEY := '12345678';
  9    OUT_STRING := NULL;
 10
 11    PUBS.ENCDES ( IN_STRING, IN_KEY, OUT_STRING );
 12
 13    DBMS_OUTPUT.Put_Line('OUT_STRING = ' || OUT_STRING);
 14
 15    DBMS_OUTPUT.Put_Line('');
 16
 17    COMMIT;
 18  END;
 19  /
OUT_STRING = 96D0028878D58C896769D2A8823003EB

PL/SQL procedure successfully completed.


Below is the procedure I created for AES256 bit, we would like to use the same input parameters as in DES to work from the application. So we need to pass the in_key as 8 key value but using AES256, for 256 but encryption..

CREATE OR REPLACE procedure encaes
	(in_string IN varchar2,
	 in_key IN varchar2,
	 out_string OUT varchar2) as

p_in 		raw(4000);
p_key		raw(4000);
p_out_str	raw(4000);

enc_type pls_integer := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC
                          + DBMS_CRYPTO.PAD_PKCS5;

BEGIN

  p_in  := utl_i18n.string_to_raw (in_string, 'AL32UTF8');
  p_key := utl_i18n.string_to_raw (in_key,'AL32UTF8');

  p_out_str := DBMS_CRYPTO.ENCRYPT (
                src => p_in,
                key => p_key,
                typ => enc_type );

  out_string := RAWTOHEX (p_out_str);

end;
/

SQL> DECLARE
  2    IN_STRING VARCHAR2(200);
  3    IN_KEY VARCHAR2(200);
  4    OUT_STRING VARCHAR2(200);
  5
  6  BEGIN
  7    IN_STRING := '12345678901234';
  8    IN_KEY := '12345678';
  9    OUT_STRING := NULL;
 10
 11    PUBS.ENCAES ( IN_STRING, IN_KEY, OUT_STRING );
 12
 13    DBMS_OUTPUT.Put_Line('OUT_STRING = ' || OUT_STRING);
 14
 15    DBMS_OUTPUT.Put_Line('');
 16
 17    COMMIT;
 18  END;
 19  /
DECLARE
*
ERROR at line 1:
ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at "TEST.ENCAES", line 18
ORA-06512: at line 11


I'm confused on how many bytes I need to pass for in_key parameter.. Should it be 32bytes?

We just need 256bit encryption,is it possible to use AES256 without Cipher and padding?

Thanks so much
Re: Encryption issue [message #447236 is a reply to message #447227] Fri, 12 March 2010 10:25 Go to previous messageGo to next message
Michel Cadot
Messages: 63801
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
I'm confused on how many bytes I need to pass for in_key parameter.. Should it be 32bytes?

32 bytes.
You can duplicates 4 times the key given by your application if you don't wnat to change it but you loose some effiency in the algorithm, I advice to not just put 4 times the input key but to scramble these bytes in an algorithm only you know.

Quote:
We just need 256bit encryption,is it possible to use AES256 without Cipher and padding?

I think you mean chaining and padding. Yes, you can for padding use PAD_NONE but you must be sure the data are a multiple of the block, or PAD_ZERO, for chaining use CHAIN_ECB, but once again you loose efficiency in the encryption.

Regards
Michel


Re: Encryption issue [message #447503 is a reply to message #447227] Mon, 15 March 2010 09:19 Go to previous messageGo to next message
newsurfgal
Messages: 12
Registered: August 2009
Junior Member
Thanks Michael.

Also wanted to find out if DBMS_crypto AES256 is 2 key based?

Thanks
Re: Encryption issue [message #447506 is a reply to message #447503] Mon, 15 March 2010 09:59 Go to previous messageGo to next message
Michel Cadot
Messages: 63801
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
What do you mean?

Regards
Michel
Re: Encryption issue [message #447510 is a reply to message #447227] Mon, 15 March 2010 10:22 Go to previous messageGo to next message
newsurfgal
Messages: 12
Registered: August 2009
Junior Member
Like, 3DES-2key algorithm is 2 key based I'm trying to find out if AES256 is 2 keys as well? sorry if i'm not making any sense..

Is there any documentation specific to aes256 encryption?

Thanks again for your help
Re: Encryption issue [message #447515 is a reply to message #447510] Mon, 15 March 2010 11:33 Go to previous message
Michel Cadot
Messages: 63801
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
No there is only one key.

Quote:
Is there any documentation specific to aes256 encryption?

A lot you can find using Google, and starting with wikipedia.

Regards
Michel
Previous Topic: How do view table constraints information (the correct way)
Next Topic: Unable to use existnig oraInventory location during installation
Goto Forum:
  


Current Time: Sat Sep 24 21:35:40 CDT 2016

Total time taken to generate the page: 0.28882 seconds