A.2. DBMS_CRYPTO

This package is available only in Oracle Database 10g. Like the DBMS_OBFUSCATION_TOOLKIT used in Oracle9i Database, it provides encryption, decryption, key generation, and hashing programs. It also provides message authentication code (MAC) programs.

GETRANDOMBYTES

This function generates a cryptographically secure key for encryption. It accepts one input parameter and returns the key as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| number_bytes | BINARY_INTEGER | Length of the random value to be generated |


ENCRYPT

This program produces encrypted values from input values. The program is overloaded as a function and two procedures, and is further overloaded for different datatypes.

Function Version

Accepts four input parameters and returns the encrypted value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | RAW | Value to be encrypted. This value may be of any length. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. |
| key | RAW | Encryption key. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. This parameter must be specified if it was used during encryption, and it must be the same value used for encryption. |


Procedure Version 1

Encrypts LOBs. To encrypt non-LOB values, use the function version of ENCRYPT. This version accepts four input parameters and returns the encrypted value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| dst | BLOB | OUT parameter; the encrypted value is passed back to the user in this parameter. |
| src | BLOB | BLOB value or resource locator to be encrypted. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. |
| key | RAW | Encryption key. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. It is optional. |


Procedure Version 2

Identical to the first procedure version, except that it is used to encrypt CLOB data.

| Parameter name | Datatype | Description |
|---|---|---|
| dst | BLOB | OUT parameter; the encrypted value is passed back to the user in this parameter. |
| src | CLOB | CLOB value or resource locator to be encrypted. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. |
| key | RAW | Encryption key. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. It is optional. |


DECRYPT

This program decrypts encrypted values. Like ENCRYPT, the program is overloaded as a function and two procedures, and is further overloaded for different datatypes.

Function Version

Accepts four input parameters and returns the decrypted value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | RAW | Encrypted value to be decrypted. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. It must be the same one used during encryption. |
| key | RAW | Encryption key; must be the same one used during encryption. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. This parameter must be specified if it was used during encryption, and it must be the same value used for encryption. |


Procedure Version 1

Decrypts encrypted LOBs. To decrypt encrypted non-LOB values, use the function variant of DECRYPT instead. This version accepts four input parameters and returns the decrypted value in the BLOB datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| dst | BLOB | Decrypted value is placed here. |
| src | BLOB | Encrypted BLOB value or resource locator to be decrypted. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. It must be the same one used during encryption. |
| key | RAW | Encryption key; must be the same one used during encryption. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. This parameter must be specified if it was used during encryption, and it must be the same value used for encryption. |


Procedure Version 2

Identical to the first procedure version, except that it is used to decrypt encrypted CLOB data.

| Parameter name | Datatype | Description |
|---|---|---|
| dst | CLOB | Decrypted value is placed here. |
| src | BLOB | Encrypted BLOB value or resource locator to be decrypted. |
| typ | BINARY_INTEGER | Combines the encryption algorithm, padding method, and chaining method. This value must be the same as the one used during encryption. |
| key | RAW | Encryption key; must be the same as the one used during encryption. |
| iv | RAW | Initialization vector. This value is added to the input value to reduce the repetition of encrypted values. This parameter must be specified if it was used during encryption, and it must be the same value used for encryption. |


HASH

This program generates cryptographic hash values from the input values. You can generate Message Digest (MD) or Secure Hash Algorithm 1 (SHA-1) hash values by specifying the appropriate typ parameter. This program is overloaded with three functions.

Function Version 1

Generates hash values of non-LOB datatypes. This version accepts two parameters and returns the hash value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | RAW | Input value whose hash value is to be generated |
| typ | BINARY_INTEGER | Hash algorithm to be used: DBMS_CRYPTO.HASH_MD5 for MD5 or DBMS_CRYPTO.HASH_SH1 for SHA-1 |


Function Version 2

Generates hash values of BLOB datatypes. This version accepts two parameters and returns the hash value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | BLOB | Input BLOB value or resource locator whose hash value is to be generated |
| typ | BINARY_INTEGER | Hash algorithm to be used: DBMS_CRYPTO.HASH_MD5 for MD5 or DBMS_CRYPTO.HASH_SH1 for SHA-1 |


Function Version 3

Generates hash values of CLOB datatypes. This version accepts two parameters and returns the hash value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | CLOB | Input CLOB value or resource locator whose hash value is to be generated |
| typ | BINARY_INTEGER | Hash algorithm to be used: DBMS_CRYPTO.HASH_MD4 for MD4, DBMS_CRYPTO.HASH_MD5 for MD5, or DBMS_CRYPTO.HASH_SH1 for SHA-1 |


MAC

This program generates Message Authentication Code (MAC) values from the input values. MAC values are similar to hash values, but they have an added key. You can generate either Message Digest (MD) or Secure Hash Algorithm 1 (SHA-1) MAC values by specifying the appropriate typ parameter. Like HASH, this program is overloaded with three functions.

Function Version 1

Generates MAC values of non-LOB datatypes. This version accepts three parameters and returns the MAC value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | RAW | Input value whose MAC value is to be generated |
| typ | BINARY_INTEGER | MAC algorithm to be used: DBMS_CRYPTO.HMAC_MD5 for MD5 or DBMS_CRYPTO.HMAC_SH1 for SHA-1 |
| key | RAW | Key used to build the MAC value |


Function Version 2

Generates hash values of BLOB datatypes. This version accepts two parameters and returns the hash value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | BLOB | Input value whose MAC value is to be generated |
| typ | BINARY_INTEGER | MAC algorithm to be used: DBMS_CRYPTO.HMAC_MD5 for MD5 or DBMS_CRYPTO.HMAC_SH1 for SHA-1 |
| key | RAW | Key used to build the MAC value |


Function Version 3

Generates hash values of CLOB datatypes. This version accepts two parameters and returns the hash value as a RAW datatype.

| Parameter name | Datatype | Description |
|---|---|---|
| src | CLOB | Input value whose MAC value is to be generated |
| typ | BINARY_INTEGER | MAC algorithm to be used: DBMS_CRYPTO.HMAC_MD5 for MD5 or DBMS_CRYPTO.HMAC_SH1 for SHA-1 |
| key | RAW | Key used to build the MAC value |
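
The following anonymous block is an added example, not code from the book or from Oracle. It shows how the typ value for the ENCRYPT and DECRYPT function versions is built by summing constants, and how the RAW version of MAC can guard the ciphertext and IV before decryption (encrypt-then-MAC). It calls DBMS_CRYPTO.RANDOMBYTES, the name under which the shipped package exposes the random-bytes function; the variable names, the local function tag_ok, and the sample value are constructed for illustration.

```sql
-- Added example: AES-128-CBC round trip with an HMAC-SHA1 integrity check.
-- Needs EXECUTE on DBMS_CRYPTO; run with SET SERVEROUTPUT ON.
DECLARE
   -- typ = one algorithm + one chaining + one padding constant
   l_typ      PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128
                           + DBMS_CRYPTO.CHAIN_CBC
                           + DBMS_CRYPTO.PAD_PKCS5;
   l_enc_key  RAW (16) := DBMS_CRYPTO.RANDOMBYTES (16);  -- 128-bit AES key
   l_mac_key  RAW (20) := DBMS_CRYPTO.RANDOMBYTES (20);  -- separate key for the MAC
   l_iv       RAW (16) := DBMS_CRYPTO.RANDOMBYTES (16);  -- one AES block, fresh per value
   -- Constructed sample value, not real data
   l_plain    RAW (200) := UTL_I18N.STRING_TO_RAW ('constructed sample value', 'AL32UTF8');
   l_cipher   RAW (2000);
   l_tag      RAW (20);
   l_tampered RAW (2000);

   -- Recompute the MAC over iv || ciphertext and compare with the stored tag
   FUNCTION tag_ok (p_iv IN RAW, p_cipher IN RAW, p_tag IN RAW) RETURN BOOLEAN
   IS
   BEGIN
      RETURN UTL_RAW.COMPARE (
                p_tag,
                DBMS_CRYPTO.MAC (UTL_RAW.CONCAT (p_iv, p_cipher), DBMS_CRYPTO.HMAC_SH1, l_mac_key)
             ) = 0;
   END tag_ok;
BEGIN
   l_cipher := DBMS_CRYPTO.ENCRYPT (src => l_plain, typ => l_typ, key => l_enc_key, iv => l_iv);
   l_tag    := DBMS_CRYPTO.MAC (src => UTL_RAW.CONCAT (l_iv, l_cipher),
                                typ => DBMS_CRYPTO.HMAC_SH1, key => l_mac_key);
   DBMS_OUTPUT.PUT_LINE ('cipher: ' || RAWTOHEX (l_cipher));

   -- Decrypt only after the tag verifies; typ, key and iv must match ENCRYPT
   IF tag_ok (l_iv, l_cipher, l_tag) THEN
      DBMS_OUTPUT.PUT_LINE ('plain : ' || UTL_I18N.RAW_TO_CHAR (
         DBMS_CRYPTO.DECRYPT (src => l_cipher, typ => l_typ, key => l_enc_key, iv => l_iv),
         'AL32UTF8'));
   END IF;

   -- Flip one bit of the first ciphertext byte: the tag no longer verifies
   l_tampered := UTL_RAW.BIT_XOR (l_cipher, HEXTORAW ('01'));
   IF NOT tag_ok (l_iv, l_tampered, l_tag) THEN
      DBMS_OUTPUT.PUT_LINE ('tampered ciphertext rejected before decryption');
   END IF;
END;
/
```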





Oracle PL/SQL For DBAs
Year: 2005
Pages: 122