| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: storing encrypted data in oracle
Hi:
The obfuscation toolkit relies on features only present in 8.1.6, so you'll have to wait for the release to use it. BTW, 8.1.7 has just released, so I suggest that you use that.
Bear in mind that you will need to manage the encryption keys yourself, so consider carefully where you are going to store them. There is a paper on the technet web site in the security section that discusses that uses and misuses of database data encryption.
As for using the example below, I would wait until the toolkit is available. IMO, this is too easy to break.
Rick
catatony_at_my-deja.com writes:
> I successfully set up and tested the encrypt and decrypt functions.
> Thanks much for your help, this solution may work for us.
>
> We are upgrading to 8.1.6 toward the middle of the year, so at that
> point I can explore DBMS_OBFUSCATION_TOOLKIT. However, I wonder if it
> would be possible to bring the DBMS_OBFUSCATION_TOOLKIT package into an
> 8.1.5 environment? Is there anything new about 8.1.6 that enables
> DBMS_OBFUSCATION_TOOLKIT, or is it just a new package?
>
> In article <946e5p$svu$1_at_news3.inter.net.il>,
> "sysdba" <sysdba_at_inter.net.il> wrote:
> > hi
> >
> > there's a package called DBMS_OBFUSCATION_TOOLKIT, but its available
in >
> > 8.1.6.
> > I know its not what u asked, but U can use a function manualy
configured to
> > give some
> > encryption yourself. here is a sample from Oracle knowledge base:
> >
> > ===============================================================
> >
> > CREATE OR REPLACE FUNCTION encrypt( convstr IN VARCHAR2 ) RETURN
VARCHAR2 IS
> > retstr VARCHAR2( 32000 ):= NULL;
> > tempno NUMBER;
> > BEGIN
> > FOR i IN 1 .. length( convstr ) LOOP
> > tempno:= ascii( substr( convstr, i, 1 ));
> > retstr:= retstr || ltrim( to_char( tempno + 60, '000' ));
> > END LOOP;
> >
> > RETURN retstr;
> > END;
> > /
> >
> > CREATE OR REPLACE FUNCTION decrypt( convstr IN VARCHAR2 ) RETURN
VARCHAR2 IS
> > retstr VARCHAR2( 32000 ):= NULL;
> > tempch VARCHAR2( 2 );
> > loopno NUMBER;
> > stepno NUMBER;
> > BEGIN
> > loopno:= length( convstr ) / 3;
> > FOR i IN 1 .. loopno LOOP
> > stepno:= i * 3 - 2;
> > tempch:= chr( to_number( substr( convstr, stepno, 3 )) - 60 );
> > retstr:= retstr || tempch;
> > END LOOP;
> >
> > RETURN retstr;
> > END;
> > /
> >
> > - - - - - - - - - - - - - - - - Code ends
> > here - - - - - - - - - - - - - - - -
> >
> > Sample Output
> > -------------
> >
> > SQL> SELECT encrypt('mystr') FROM dual;
> >
> > ENCRYPT('MYSTR')
> > ---------------------------------------
> > 169181175176174
> >
> > SQL> SELECT decrypt('169181175176174') FROM dual;
> >
> > DECRYPT('169181175176174')
> > -------------------------------------------------
> > mystr
> > ================================================================
> >
> > Hope this will help,
> >
> > Asaf Shoval
> > Oracle Israel Support Center
> >
> > <catatony_at_my-deja.com> wrote in message
news:9456st$on7$1_at_nnrp1.deja.com...
> > > I would like to store initial settings for unix usernames and
associated
> > > passwords (for newly created accounts) in an oracle table for
reference
> > > purposes. However, I want to encrypt the password so that the data
is
> > > more secure. How could I use oracle to perform the
> > > encryption/decryption? Would it be smarter/easier to encrypt the
data
> > > before insertion using some non-oracle method? If so, how?
> > >
> > > (Oracle 8.1.5; Solaris 2.6)
> > >
> > > Thanks,
> > > Tony Catania
> > >
> > >
> > > Sent via Deja.com
> > > http://www.deja.com/
> >
> >
>
>
> Sent via Deja.com
> http://www.deja.com/
--
Thanks,
Rick
Rick Wessman
Server Security Group
Oracle Corporation
Rick.Wessman_at_oracle.com
The opinions expressed above are mine and do not necessarily reflect
those of Oracle Corporation.
Received on Thu Jan 18 2001 - 19:07:26 CST
 |
 |