Morning Ken, On 23/04/12 20:54, Norman Dunbar wrote: > I'm not 100% sure as I'm away from my desk at present, but I think when > I used DES3 a few years ago, I needed to pad the text to be encrypted to > a multiple of some length. I'll check tomorrow. I'm in the office and I've checked my code. It is true, the data to be encrypted needs to be a multiple of 8 characters long. As per this from my code's package body: function encrypt(iString in blob) return blob as vData raw(1024); vBlob blob; begin -- Extract raw data, pad it out & encrypt it vData := BlobToRaw(iBlob => iString, iPad => true); vData := dbms_obfuscation_toolkit.DESEncrypt(...); The BlobToRaw code is this: function BlobToRaw(iBlob in blob, iPad in boolean := true) as vRaw raw(1024; vLength number; vPad integer ... begin vLength := dbms_lob.GetLength(iBlob); if (vLength <> 0) then -- Read blob into raw ... end if; -- Pad if required if (iPad) then vPad := 8 - mod(vLength, 8); if (vPad <> 0) then vRaw := utl_raw.concat(vRaw, utl_raw.cast_to_raw(rpad(chr(0), vPad, chr(0)) ) ); end if; end if; ... I remember reading somewhere that the data has to be an exact multiple of 8 characters long. In the docs for dbms_obfuscation_toolkit for 9i I think. I also note that I seem to have used the iPad name long before Apple, wonder if I can sue! ;-) By the way, this was part of a password vault system I had to write many many years ago, all my data are well short of the 1024 characters I'm using for the RAWs above. HTH Cheers, Norm. -- Norman Dunbar Dunbar IT Consultants Ltd Registered address: Thorpe House 61 Richardshaw Lane Pudsey West Yorkshire United Kingdom LS28 7EL Company Number: 05132767 -- //www.freelists.org/webpage/oracle-l