ORA:28234 - 10g [message #407929] |
Fri, 12 June 2009 07:23  |
aviva4500
Messages: 122 Registered: July 2008 Location: bangalore
|
Senior Member |
|
|
Dear All,
I have created a function which encrypts and decrypts the username and password which is entered from a third party tool. But i am facing the below error.
Function used for the encryption
create or replace function vij_dec_val
(
p_in in raw,
p_key in raw
)
return varchar2
is
l_ret varchar2 (2000);
l_dec_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_dec_val := dbms_crypto.decrypt
(
p_in,
l_mod,
p_key
);
l_ret:= UTL_I18N.RAW_TO_CHAR
(l_dec_val, 'AL32UTF8');
return l_ret;
end;
Error:
ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at line 9
Can anyone help me out this please. I have given more than 100 numbers in the p_key variable but still it says the key is too short.
Thanks and regards,
Hammer
|
|
|
Ora: 28234 [message #407932 is a reply to message #407929] |
Fri, 12 June 2009 07:31   |
aviva4500
Messages: 122 Registered: July 2008 Location: bangalore
|
Senior Member |
|
|
Dear All,
I have created a function which will encrypt and decrypt the password entered forom the third party tool. But i am facing the below error which says that the key is too short. I have given the input key more that 100 digits but still no luck. can anyone help me out with this please. Waiting for your kind reply.
Function
decryption
---------
create or replace function vij_dec_val
(
p_in in raw,
p_key in raw
)
return varchar2
is
l_ret varchar2 (2000);
l_dec_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_dec_val := dbms_crypto.decrypt
(
p_in,
l_mod,
p_key
);
l_ret:= UTL_I18N.RAW_TO_CHAR
(l_dec_val, 'AL32UTF8');
return l_ret;
end;
Error:
ORA-28234: key length too short
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 10
ORA-06512: at line 9
Thanks and Regards,
Hammer
|
|
|
Re: Ora: 28234 [message #407934 is a reply to message #407932] |
Fri, 12 June 2009 07:36   |
JRowbottom
Messages: 5933 Registered: June 2006 Location: Sunny North Yorkshire, ho...
|
Senior Member |
|
|
And what's confusing you?
The key that you're trying to decrypt with is too short.
See here for minimum key lengths for DES and AES decryption keys - the minimum length for an AES key is 128 bits.
Why are you trying to encrypt and decrypt a password?
The standard thing to do with passwords is to Hash them, and then compare the hashes - that way you don't run the of anyone working out what the password actually is.
[type and extra information]
[Updated on: Fri, 12 June 2009 07:37] Report message to a moderator
|
|
|
Re: Ora: 28234 [message #407942 is a reply to message #407934] |
Fri, 12 June 2009 07:57   |
aviva4500
Messages: 122 Registered: July 2008 Location: bangalore
|
Senior Member |
|
|
Dear Jrowbottom,
Thanks for your immediate reply. I am trying to encrypt the password field in a table.So,could i know what exactly i have to give in the second variable. I have tried giving the numbers '1212' which is almost 8 bytes, but still the same.
I am sorry that i have posted the decryption function.
Below is the function for encryption.
create or replace function vij_enc_val
(
p_in in varchar2,
p_key in raw
)
return raw is
l_enc_val raw (2000);
l_mod number := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC
+ dbms_crypto.PAD_PKCS5;
begin
l_enc_val := dbms_crypto.encrypt
(
UTL_I18N.STRING_TO_RAW
(p_in, 'AL32UTF8'),
l_mod,
p_key
);
return l_enc_val;
end;
Thanks and Regards,
Hammer
[Updated on: Fri, 12 June 2009 07:59] Report message to a moderator
|
|
|
|
Re: Ora: 28234 [message #407945 is a reply to message #407942] |
Fri, 12 June 2009 08:18  |
JRowbottom
Messages: 5933 Registered: June 2006 Location: Sunny North Yorkshire, ho...
|
Senior Member |
|
|
Quote: | I am trying to encrypt the password field in a table.
|
That's what you're doing wrong.
If you encrypt the password, then it can be decrypted.
If you store a hash of the password in the table (using something like DBMS_CRYPTO.HASH) then the original password cannot be recovered and stolen. All you have to do to check if the correct password has been entered is to hash the entered password and compare the two hash values.
In case logic doesn't convince you, I'll include an argument from authority and point out that that's the way that Oracle stores your password in the database.
|
|
|