GeneralInformation
Source{ORACLE_HOME}/rdbms/admin/dbmsobtk.sql
AlgorithmConstantsNameDataTypeValue
HashFunctions
HASH_MD4 (128 bit hash)PLS_INTEGER1
HASH_MD5 (128 bit hash)PLS_INTEGER2
HASH_SH1 (160 bit hash)PLS_INTEGER3
MACFunctions
HMAC_MD5 (128 bit hash)PLS_INTEGER1
HMAC_SH1 (160 bit hash)PLS_INTEGER2
Block CipherAlgorithms
ENCRYPT_DES (56 bit)PLS_INTEGER1; --0x0001
ENCRYPT_3DES_2KEY (128bit)PLS_INTEGER2; --0x0002
ENCRYPT_3DESPLS_INTEGER3; --0x0003
ENCRYPT_AES128 (128 bit)PLS_INTEGER6; --0x0006
ENCRYPT_AES192 (192 bit)PLS_INTEGER7; --0x0007
ENCRYPT_AES256 (256 bit)PLS_INTEGER8; --0x0008
ENCRYPT_RC4 (StreamCipher)PLS_INTEGER129; --0x0081
Block Cipher ChainingModifiers
CHAIN_CBC (Cipher BlockChaining)PLS_INTEGER256; --0x0100
CHAIN_CFB (CipherFeedback)PLS_INTEGER512; --0x0200
CHAIN_ECB (Electroniccookbook)PLS_INTEGER768; --0x0300
CHAIN_OFB (OutputFeedback)PLS_INTEGER1024; --0x0400
Block Cipher PaddingModifiers
PAD_PKCS5 (Complies with PKCS#5)PLS_INTEGER4096; --0x1000
PAD_NONE (No Dadding)PLS_INTEGER8192; --0x2000
PAD_ZERO (Pad with Zeros)PLS_INTEGER12288; --0x3000
Block CiphersSuites
DES_CBC_PKCS5PLS_INTEGERENCRYPT_DES
+ CHAIN_CBC
+ PAD_PKCS5;
DES3_CBC_PKCS5PLS_INTEGERENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5;
DependenciesDBMS_CRYPTO_FFIDECRYPTBYTESENCRYPTBYTES
DECRYPTENCRYPTUTL_RAW
ExceptionsErrorCodeReason
28827The specified cipher suite is notdefined
28829No value has been specified for thecipher suite to be used
28233Source data was previouslyencrypted
28234DES: Specified key size too short. DESkeys must be at least 8 bytes (64 bits).
AES: Specified key size is not supported. AES keys must be 128,192, or 256 bits
28239The encryption key has not beenspecified or contains a NULL value
DECRYPT
Decrypt crypt text data using stream or block cipher with usersupplied key and optional iv
Overload 1dbms_crypto.decrypt(src IN RAW, typ IN PLS_INTEGER, key INRAW,
iv IN RAW DEFAULT NULL) RETURN RAW;
See Encrypt Overload 1 demo
Overload 2dbms_crypto.decrypt(dst IN OUT NOCOPY BLOB, src IN BLOB,
typ IN PLS_INTEGER, key IN RAW, iv IN RAW DEFAULTNULL);
Overload 3dbms_crypto.decrypt (dst IN OUT NOCOPY CLOB CHARACTER SETANY_CS,
src IN BLOB, typ IN PLS_INTEGER, key INRAW, iv IN RAW DEFAULT NULL);
ENCRYPT
Encrypt plain text data using stream or block cipher with usersupplied key and optional iv
Overload 1dbms_crypto.encrypt(src IN RAW, typ IN PLS_INTEGER, key INRAW, iv IN RAW DEFAULT NULL) RETURN RAW;
set serveroutput on
DECLARE
l_credit_card_no VARCHAR2(19) :='1234-5678-9012-3456';
l_ccn_raw RAW(128) :=utl_raw.cast_to_raw(l_credit_card_no);
l_key RAW(128) := utl_raw.cast_to_raw('abcdefgh');
l_encrypted_raw RAW(2048);
l_decrypted_raw RAW(2048);
BEGIN
dbms_output.put_line('Original : ' ||l_credit_card_no);
l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw,
dbms_crypto.des_cbc_pkcs5, l_key);
dbms_output.put_line('Encrypted : ' ||
RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));
l_decrypted_raw := dbms_crypto.decrypt(src =>l_encrypted_raw,
typ => dbms_crypto.des_cbc_pkcs5,key => l_key);
dbms_output.put_line('Decrypted : ' ||
utl_raw.cast_to_varchar2(l_decrypted_raw));
END;
/
set serveroutput on
DECLARE
enc_val RAW(2000);
l_key RAW(2000);
l_key_len NUMBER := 128/8; -- convert bits tobytes
l_mod NUMBER := dbms_crypto.ENCRYPT_AES128
+ dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_PKCS5;
BEGIN
l_key := dbms_crypto.randombytes(l_key_len);
enc_val := dbms_crypto.encrypt(
utl_i18n.string_to_raw('1234-5678-9012-3456','AL32UTF8'),
l_mod, l_key);
dbms_output.put_line(enc_val);
END;
/
Overload 2dbms_crypto.encrypt(dst IN OUT NOCOPY BLOB, src INBLOB, typ IN PLS_INTEGER, key IN RAW, iv IN RAW DEFAULTNULL);
Overload 3dbms_crypto.encrypt(dst IN OUT NOCOPYBLOB, src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW,iv IN RAW DEFAULT NULL);
dbms_crypto.encrypt(UTL_RAW.CAST_TO_RAW(CONVERT('XXX','AL32UTF8')),typ,key);
HASH
Hash source data by cryptographic hash type
Overload 1dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURNRAW;
Overload 2dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURNRAW;
Overload 3dbms_crypto.hash(src IN CLOB CHARACTER SETANY_CS, typ IN PLS_INTEGER) RETURN RAW;
MAC
Message Authentication Code algorithms provide keyed messageprotection
Overload 1dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key INRAW) RETURN RAW;
Overload 2dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key INRAW)
RETURN RAW;
Overload 3dbms_crypto.mac(src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
RANDOMBYTES
Returns a raw valuecontaining a pseudo-random sequence of bytesdbms_crypto.randomnytes(number_bytes PLS_INTEGER) RETURNRAW;
SELECT dbms_crypto.randombytes(1)FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(1)) FROM dual;
SELECT dbms_crypto.randombytes(28) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(28)) FROM dual;
SELECT dbms_crypto.randombytes(64) FROM dual;
SELECT LENGTH(dbms_crypto.randombytes(64)) FROM dual;
RANDOMINTEGER
Returns a randomBINARY_INTEGERdbms_crypto.randominteger RETURN NUMBER;
SELECT dbms_crypto.randomintegerFROM dual;
RANDOMNUMBER
Returns a random OracleNumberdbms_crypto.randomnumber RETURN NUMBER;
SELECT dbms_crypto.randomnumberFROM dual;