Oracle Database

Page 302

Examples of Using the Data Encryption API

Table 9–2

GETHASH Function Parameters

Parameter Name

Description

sqltext

The SQL statement whose result is hashed.

digest_type

Hash algorithm used: HASH_MD4, HASH_MD5, or HASH_ SH1

chunk_size

Size of the result chunk when getting the hash When the result set size is large, the GETHASH function breaks it into chunks having a size equal to chunk_size. It generates the hash for each chunk and then uses hash chaining to calculate the final hash. The default chunk_size is 128 megabytes.

Examples of Using the Data Encryption API This section provides the following examples: ■

Example of a Data Encryption Procedure

Example of AES 256-Bit Data Encryption and Decryption Procedures

Example of Encryption and Decryption Procedures for BLOB Data

Example of a Data Encryption Procedure The following sample PL/SQL program (dbms_crypto.sql) shows how to encrypt data. This example code performs the following actions: ■

Encrypts a string (VARCHAR2 type) using DES after first converting it into the RAW data type. This step is necessary because encrypt and decrypt functions and procedures in DBMS_CRYPTO package work on the RAW data type only, unlike functions and packages in the DBMS_OBFUSCATION_TOOLKIT package.

■ ■

Shows how to create a 160-bit hash using SHA-1 algorithm. Demonstrates how MAC, a key-dependent one-way hash, can be computed using the MD5 algorithm.

The dbms_crypto.sql procedure follows: DECLARE input_string VARCHAR2(16) := 'tigertigertigert'; raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(input_string,'AL32UTF8','US7ASCII')); key_string VARCHAR2(8) := 'scottsco'; raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(CONVERT(key_string,'AL32UTF8','US7ASCII')); encrypted_raw RAW(2048); encrypted_string VARCHAR2(2048); decrypted_raw RAW(2048); decrypted_string VARCHAR2(2048); -- 1. Begin testing Encryption BEGIN dbms_output.put_line('> Input String : ' || CONVERT(UTL_RAW.CAST_TO_VARCHAR2(raw_input),'US7ASCII','AL32UTF8')); dbms_output.put_line('> ========= BEGIN TEST Encrypt ========='); encrypted_raw := dbms_crypto.Encrypt( src => raw_input, typ => DBMS_CRYPTO.DES_CBC_PKCS5, key => raw_key); 9-12

Oracle Database Security Guide

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.