Re: dbms_obfuscation_toolkit package

On Apr 17, 2:44 am, "Oracle User" <ramba..._at_gmail.com> wrote:
> I am using the dbms_obfuscation_toolkit to encrypt data and store it
> in the database. But, using the same parameters when we generate the
> encrypted data in Java, the result is different from the one
> generated from the database.
> Is there any conversions to be done, so that the encrypted string
> generated by the db and java are the same?. We both did base64
> conversion but the results generated by the dbms_obfuscation_toolkit
> and des3encryption in java produces different strings.
>
> Any input appreciated

The most important question is this: is the data encrypted in Oracle being correctly decrypted in Java, and vice-versa? If it does, then it's probably padding. Otherwise it can be difference in cypher parameters or in source data itself (due to different character sets - Java strings are Unicode.) If you're on 10g, I'd recommend you to move to DBMS_CRYPTO package as it gives more control over cypher parameters and you can be sure the same cypher mode and padding are used in Java and in the db. Also, make sure the data is in the same character set on both ends. In Oracle, I would convert the data to AL32UTF8 and cast the result to RAW to avoid any implicit charset conversions, and in Java I'd do the same using String.getBytes("UTF-8").

Hth,

   Vladimir M. Zakharychev
   N-Networks, makers of Dynamic PSP(tm)    http://www.dynamicpsp.com Received on Tue Apr 17 2007 - 01:58:24 CDT